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wren Escape Catastrophe, time after time. 


Trouble never sleeps. Just ask Park Ranger Roy C. Sullivan who survived seven separate 
lightning strikes. Continuous, ongoing protection for your mission-critical data is a job 


for IBM’s ADSTAR" Distributed Storage Manager (ADSM) for HP-UX. ADSM integrates 


software 
P.UX unattended network backup and recovery, long-term archiving, Hierarchical Storage 


Management (HSM) and disaster recovery planning. ADSM supports over 30 client 


platforms and most leading databases and applications. This single powerful solution offers a consistent means of managing 
data storage in virtually any network configuration. Visit us at: www.ibm.com/storage/adsmhp for further 


information and to request a FREE network analysis - where using your input, we'll calculate ROI projections in the areas 
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such as backup, network management and productivity. 
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_ The only difference 
is the money you save. 


gee 
ith 17 years of knowledgeable experience monitors, memory and interfaces, as well as 
and reliable service, Monterey Bay Commu- : a variety of printers. 
nications is a leader in Hewlett-Packard workstation > All equipment is warranteed and eligible for 
remarketing. We’re professionals at pro- Hewlett-Packard maintenance. An 
viding HP 1000 and 9000 users with extensive parts and spares inventory 


> Qo 


reliable equipment that is functionally — and knowledgeable staff ensure 
and cosmetically identical to what HP Support / Tech Expertise : prompt service and immediate 
offers — and at substantial cost savings. Restsoeree delivery. 

ae - Maintenance Eligibility eee ; 
In addition to the 700 / 400 / 300 / 200 Substantial Cost Savings For more detailed information or 
series, Monterey Bay Communications Simple Order Processing a price quotation, give MBC a call at 
also offers mass storage systems, crosinnt stind 408/429-6144. 


CIRCLE 7 ON READER SERVICE CARD 


O VN’ TE. RE VY CB A VY The HP Workstation Remarketing Specialists 
7 _N 


Monterey Bay Communications Inc., 1010 Fair Avenue. Santa Cruz. CA 95060 Tel: 408-429-6144 Fax: 408-429-1918 


YOUR SOURCE 


FOR CD-ROM STORAGE SOLUTIONS 


CD ARCHIVING CD RECORD 5 DISC CD-ROM 
+ PRINTING REWRITE CHANGER 


From the latest in CD-Record/Write drives to 150 
disc capacity CD-ROM Jukeboxes used in archival 
storage, Consan offers a complete line of CD-ROM 
based solutions to meet your mass storage needs. 


Consan has focused on mass storage products for 


the past 10 years working to be the best high-end 
integrator for DISC, TAPE, RAID, and OPTICAL 
storage solutions. Call Consan Today: 


1-800-221-6747. 


18750 LAKE DRIVE EAST 
CHANHASSEN, MN 55317 
TEL:612-949-0053 
FAX:612-949-0453 
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WINSOCK COMPLIANT ¢ KEYBOARD REMAPPING ¢ 32 BIT ARCHITECTURE 
¢ DDE & OLE AUTOMATION ¢ NETWORK FILE TRANSFER (FTP & NFT) 
e RUNS ON DOS, MACINTOSH, WINDOWS, WINDOWS 95 & NT 


800/682-0200 


Internet address: sales@minisoft.com 
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312 Maple Ave. Snohomish WA 98290 
European sales: MiniSoft Marketing AG 41.41.340 23 20 


MiniSoft 92 is a registered trademark of MiniSoft Inc. All other trademarks are the property of their respective owners. 
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Virtual Web Hosting! 


Virtual Web Hosting is of special importance to Web hosting 
services. It can support a large number of users in a cost-effective 
manner that is completely transparent. This article looks at the two 
main options for implementing virtual Web hosting. 

Kartik Subbarao 
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Developing a Patching Strategy for 
HP-UX 10.x 


One of the proactive things you can do regarding HP-UX 
is to have a plan or strategy for patching your computers. This ar- 


ticle suggests ways to develop and implement such a plan. 
Scott W. Sarisky 


38 
Software Review: FacetWin 


The subject of this review is FacetWin, a Windows-to-UNIX con- 
nectivity package from FacetCorp, a division of Structured Software 
Solutions, Inc. 

Greg Cagle 
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Tough to scale 


Protect your investment in tape 
backup equipment with the 
LibraryXpress system. Begin with 
a base module containing one or 
two DLT4000 or DLT7000 drives 
and 10 cartridges. This will pro- 
vide you with a storage capacity of 
up to 700 gigabytes and a data rate 
of 72 gigabytes per hour. 


Easy to scale 


Scale up with any combination 
of stackable modules. Choose 
from a performance module, with 
up to five drives, or a capacity 
module, with 16 cartridges. 
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The exclusive Global Control unit passes cartridges between modules, allowing any cartridge to 


access any drive in the system, for true maximum system performance. Up to nine modules can be 


combined to create the ultimate automated storage system. Network administrators can 


continually fine-tune LibraryXpress expansion by balancing the ratio of tape drives to cartridges. 


Optimal configurations based on individual capacity, performance and budget requirements are 
easily achieved without the need to lock into a vendor-defined growth path of only a few possible 


configurations. 


TEM is a full solution provider: 


Combine LibraryXpress with our excellent software backup choices Alexandria and DallasTools. 


IEM: Providing Solutions for a Lights-out Environment 


In the U.S. and Canada: 
IEM, Inc., P.O. Box 1889 


Phone: (970) 221-3005 
(800) 321-4671 
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© 1997 Anis Inc. LX1.0497 


Fort Collins, CO 80522 USA 


In the United Kingdom: All others: 

IEM, Inc., Unit 6, Salisbury House, IEM International Sales 
Wheatfield Way, Hinckley Fields, 1629 Blue Spruce Drive 
Hinckley, Leicester LE10 1YG Fort Collins, CO 80524 USA 
Phone: +44 (0)1455 239000 Phone:  +[1] 970-221-3005 
Fax: +44 (0)1455 239668 Fax: +[1] 970-221-1909 
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How to Contact Interex... 


EDITORIAL SUBMISSIONS 


hp-ux/usr encourages readers to contribute their opinions, tips, 
and solutions. When sending letters for publication or to request 
author contribution guidelines, please address them to hp-ux/usr 
editor Michael Ehrhardt. 


Postal Address: Office Address: 
Interex 1192 Borregas Avenue 
P.O. Box 3439 Sunnyvale, CA 94089 


Sunnyvale, CA 94088-3439 


Because of the difference in zip codes between our office address 
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ehrhardt hp-ux/usr Letters to the Editor, 

Q&A, and requests for author guidelines 
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Shared Success for 
HP Computing 
Professionals 


As a not-for-profit association of HP computing professionals, 
Interex is dedicated to meeting the information, education, and 
advocacy needs of its members worldwide. 


In today’s world of rapidly changing technology, Interex puts 
hands-on solutions to hardware, software, and operating system 
problems at your fingertips. Because members actively contribute— 
exchanging ideas and sharing solutions—Interex is a vital link in 
the transfer of HP expertise. 


Operating independently from Hewlett-Packard, Interex has more 
than 20 years of serving HP computing professionals. Through its 
publications, conferences, and volunteer committee structures, 
Interex has the qualifications to represent you, a valuable member of 
the HP user community. 


Interex® is a trademark registered in the U.S. Patent and trademark office. 


It’s Time For Your Performance Review 


System performance management demands a ¢ Take proactive control of your system’s 

great deal. You must deal with current workloads performance with very little effort. 

while optimizing user response times. * Better utilize system resources and improve 
Simultaneously, you must plan for the future, efficiency of the entire data processing operation. 
anticipating where new performance problems ¢ Know the track record of your system’s 


will occur. SOS/9000 Performance Advisor for performance to determine future resource needs. 
HP-UX and SOS/X Performance Advisor for 

X Windows environment will help you maximize 
your 9000’s performance as well as provide you 
the information needed to effectively plan for 

the future. 


For more information or a Free demonstration copy 
Call Lund Performance Solutions Today! 541-926-3800 
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¢ Save thousands of dollars over other tools. 


¢ Let SOS/9000 Performance Advisor be your 
system performance “watchdog.” 


240 2nd Ave. SW * Albany, OR 97321 USA 
(541) 926-3800 © (541) 926-7723 (fax) 
PERFORMANCE SOLUTIONS — E-Mail: info@lund.com 


Performance Beyond Expectation — Visit our Web Site: www.lund.com SOs / 9000 
Performance Advisor 
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New Products 


Enterprise Connectivity 

WRQ’s Reflection PC-to-host connec- 
tivity products now support ActiveX, pro- 
viding powerful enterprise connectivity via 
a browser on Windows 95/NT desktops. 

Active Document support, part of 
Microsoft's ActiveX specification, makes 
it easy for corporate users to integrate 
Reflection within a browser shell. Users 
can access host data from the same 
browser they use to access their inter- 
nal corporate intranet, e-mail, and the 
external Web, taking advantage of the 
quick navigation and common user 
interface of browsers. 

This new capability is available in ver- 
sions of Reflection for HP, UNIX, and 
other hosts. The products support both 
Netscape Navigator and Microsoft 
Internet Explorer. 

Pricing for Reflection for HP is $399; 
for UNIX, $299. 

Contact WRQ, phone: (800) 872- 
2829 or (206) 217-7100, fax: (206) 217- 
0211, http://www.wrq.com. 


Java Development 

STEP Tools, Inc. has announced 
Version 1.6 of ST-Developer, which 
makes STEP easy to program with Java. 
In ST-Developer 1.6, Java objects are built 
from STEP objects using an EXPRESS-X 
compiler. The compiler generates code- 
to-map data from the neutral form 
defined by STEP into the forms needed 
by business processes. The STEP stan- 
dards let organizations define “open” 
databases for their CAD/CAM/CAE and 
PDM information. STDeveloper lets pro- 
grammers create applications to access 
this open information from Web 
browsers. | 

The 1.6 release also includes HTML 
versions of all documentation on the 
CD-ROM with the software, C and C++ 


libraries that can manipulate data 
defined by multiple standards simulta- 
neously, an SDAI binding that conforms 
to the Draft International Standard, and 
improvements to the EXPRESS-G tools. 
Contact STEP Tools, phone: (518) 276- 
2848, fax: (518) 276-8471, email: info@step- 
tools.com, http://www.steptools.com. 


Clustering 

Qualix Group, Inc. has announced 
HP-UX and IBM AIX/6000 compatible 
versions of QualixHA+ high-availability 
software. QualixHA+ provides applica- 
tion-oriented monitoring and recovery 
for clusters of up to 8 servers, enabling 
organizations to survive multiple system 
failures with almost no perceptible inter- 
ruption to their business-critical appli- 
cations. Intelligent application-oriented 
HA monitoring and load-balanced 
recovery minimize server downtime of 
mission-critical applications and servers. 
In addition, integrated modules permit 
individual monitoring of specific data- 
base and application environments. 

QualixHA+ can recover an entire 
server or recover a single troubled appli- 
cation, enabling the original server to 
remain operational. Should a server or 
application fail, any one of the cluster 
members can take over the function of 
the troubled service. Only those services 
that have failed are migrated, so no dis- 
ruptions are made to those not experi- 
encing error conditions. 

Prices start at $6,000 per node. 

Contact Qualix Group, phone: (415) 
572-0200, fax: (415) 572-1300, e-mail: 
info@qualix.com, http://www.qualix.com. 


Mainframe to Client-Server 
Migration 

APT of America, Inc. has announced 
G7-Migration, which helps companies 


**TTp 


is reselling PATROL®* technology 
and products because of the tight 
integration BMC Software is 
delivering through the 
HP OpenView enterprise 
solutions. Together, HP OpenView 


safety, accurately, and efficiently con- 
vert mainframe data and programs to 
run on the newer, most cost-effective 
client-server platforms. G7-Migration 
includes both a methodology and inte- 
grated products. The methodology con- 
trols and directs the move from 


and PATROL pro ide the highly 
OL desired complementary functionality 
that our customers need today in the 


areas of application and data management. 


Johnnie-Mike Irving, General Manager 
IMIG 


HP Professional Services Organization 
SOFTWARE 


for the Americas 
www.bmc.com/patrol 


mainframe to client-server, while the 
integrated products provide software 
tools and other aids that automate and 
facilitate each step of the migration. G7- 
Migration lets businesses migrate lega- 
cy applications and data to both UNIX 


and Windows NT client-server operat- Top industry leaders are relying on 
PATROL for a reason. 

To find out why visit us on the Web 

at: www.bmc.com/patrol 


Or call today: 800 811-6766 


ing environments. It supports all major 
relational databases, including Oracle, 
Sybase, and Informix. 


BMC Software, the BMC Software logos and all other product or service names are registered trademarks or trademarks of BMC Software, Inc. in the USA and in other select 
countries. ® and ™ indicate USA registration or USA trademark. Other logos and product/trade names mentioned are registered trademarks or trademarks of their 
respective companies. ©1997, BMC Software, Inc. All rights reserved. 
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G7-Migration methods allow compa- 


nies to perform migrations in a risk-free, 
orderly manner. With G7-Migration, the 
company is free to change between UNIX 
and Windows NT operating systems, as 


MegaCache-4000 
well as switch database vendors without New from Raptor Systems 
penalty, at any time after migration. 
Contact APT of America, phone: 
(941) 262-2555, fax: (941) 262-0527, 


http://www.g7-migration.com. 


Intranet Security Control 
Raptor Systems, Inc. has 
announced Raptor Axcess for 


In-Line Caching System 

Imperial Technology has an- 
nounced the MegaCache-4000, an in- 
line, easily installable caching system 
for HP computer users. The 


milliseconds—1/100 the time 
taken by conventional disks. 
The MegaCache-4000 has 
easily upgradable cache capaci- 
ty, from 268 MB to 8 GB. It uses 


files” in this partition to prevent them 


MegaCache-4000 immediately accel- 
erates the I/O performance of all 
installed SCSI disk drives and RAID 
arrays connected to single- or multi- 
ple-host computers. Plugged in 
between the host computer and the 
targeted storage units, its multiple 
Ultra-SCSI ports and two 100-MB/sec- 
ond internal buses make data stored 
on disks available to the host in 0.1 


up to six independent interface mod- 
ules that have two 40-MB/second 
Ultra-SCSI ports each. All ports can 
attach to either host computers or to 
disk storage. A combination of up to 12 
ports accommodates virtually any 
single-, dual-, or multiple-host system 
requirement. 

A user-partitionable solid-state disk 
enables the placing of known “hot 


from being flushed out of cache by 
other temporarily active files. 

The MegaCache-4000 is priced 
from $25,000. 

Contact Imperial Technology, phone: 
(800) 451-0666 or (310) 536-0018, 
fax: (310) 536-0124, http://www. 
imperialtech.com. 
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UNIX and Windows NT. Raptor Axcess 
is an information access control appli- 


cation that uses an open, extendible, 


scalable architecture. It provides secure, — 


centralized, and selective access to dis- 
tributed, Web-based information in 
intranets. : 

Web-based single sign on provides 
maximum performance 
intranet information systems. Axcess 
is completely vendor-neutral, as well 
as database independent, enabling 
users to establish secure information 


from 


access regardless of which firewalls, 
Web servers, platforms, or browsers 
they use. 

Raptor Axcess’s base license is priced 
at $15,000. Control for each additional 
Web server is $4,000 per server. 


News-Group Site Filtering 
Raptor Systems, Inc. has announced 
NewsNOT, a subscription service that per- 
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mits schools and businesses to filter out 
potentially objectionable newsgroup sites 
on the Internet. Integrated fully into THE 
WALL, Raptor’s simple, affordable fire- 
wall product, NewsNOT will enable sub- 
scribers to limit employees’ and minors’ 
access to network news sites, which may 
include objectionable materials. 

In addition, Raptor also offers 
WebNOT, which enables firewall admin- 
istrators to manage access to content on 
the Web and in network news sites. 

Contact Raptor Systems, phone: 
(617) 7700, fax: (617) 487-6755, 
http://www.raptor.com. 


Manufacturing Execution System 
FASTech Integration, Inc. has an- 
nounced FACTOR Yworks 2.2, its latest 
version of FASTech’s integrated Manu- 
facturing Execution System (MES) soft- 
ware solution. 
FACTORYworks 2.2 includes func- 


tionality and performance enhancements, 
and features a Recipe Management 
Services that enables centralized recipe 
storage and management, Carrier man- 
agement, which enables creation of car- 
riers and carrier types and maintains 
carrier information; and Context Attri- 
bute Management, which defines con- 
text attribute tables. 

Combining graphical configuration 
tools with an integrated suite of run- 
time applications, FACTORYworks pro- 
vides a complete MES environment for 
managing shop floor operations. It 
incorporates a three-tier, object-oriented, 
client-server architecture. 

Contact FASTech Integration, phone: 
(617) 259-3131, fax: (617) 259-3188, 
http://www.fastech.com. 


New from Legato Systems 


Storage Management 

Legato Systems, Inc. has announced 
NetWorker Power Edition for Microsoft 
Windows NT Server Enterprise Edition 
4.0. NetWorker Power Edition is a high- 
end solution for backup and recovery 
of large Windows NT Server installa- 
tions. Power Edition scales effectively to 
harness the maximum I/O bandwidth 
of high-end Intel platforms while other- 
wise minimizing use of CPU resources. 

NetWorker Power Edition makes 
extensive use of multiple, parallel 
processes to speed backup and restore 
operations. It scales to deliver better per- 
formance on systems with more than 
four processors. 

NetWorker Power Edition uses ad- 
vanced shared-memory techniques to 
speed the backup and recovery process in 
large Windows NT implementations. The 
use of 4GB Memory Tuning increases 
the potential RAM allocated to Power 


Edition on a VLDB system. Power Edition 
clients on Windows NT Enterprise Server 
Edition 4.0 provide file- and system-level 
backup and recovery for cluster nodes. 

NetWorker Power Edition is priced 
at $5,000. 


Enterprise Storage Management 

Legato Systems has also announced 
NetWorker 4.12 for NetWare, which 
offers full support for all NetWare data 
and resources, including full NDS file 
and object level backup/recovery. 

Key new features in NetWorker 4.12 
for NetWare include support for addi- 
tional OS versions, simplified installa- 
tion from multiple platforms, and 
support for new SMS resources that 
improve NDS backup and recovery. A 
new administrative Windows NT-based 
GUI manages all NetWorker servers from 
a single interface, enabling users to con- 
figure, monitor, and manage multiple 
servers on any NetWorker platform 
simultaneously. 

Pricing for the NetWorker 4.12 for 
NetWare starts at $1,000 for the Work- 
Group Edition and $2,000 for the 
Network Edition. 

Contact Legato Systems, phone: 
(650) 812-6000, fax: (650) 812-6032, 
http://www.legato.com. 


New from O’Reilly & Associates 


Designing with JavaScript 

O'Reilly & Associates have announced 
Designing with JavaScript, by Nick Heinle. 
This is a book for Web authors who want 
to dive right into JavaScript and learn by 
doing. Written for nonprogrammers, it 
introduces programming principles in 
the context of creating scripts that make 
interactive, engaging Web sites. The book 
gets the user writing code right away, 


Intel 


Corp. is integrating 
PATROL*® management 
technology into 
the i960RP I/O 


processor in order 
to provide the direct management 


ROL capabilities for I/O subsystems 
customers are asking for. 


Top industry leaders are relying on 


PATROL for a reason. 


To find out why visit us on the Web 


at: www.bmc.com/patrol 
Or call today: 800 811-6766 


SMG 


SOFTWARE 


www.bmc.com/patrol 
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countries. ® and ™ indicate USA registration or USA trademark. Other logos and product/trade names mentioned are registered trademarks or trademarks of their 
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explains why the scripts work, and shows 
how to alter them to get custom effects. 
The examples, taken from real Web sites, 
illustrate how to make a madlib game, 
check browsers for plug-ins, create 
“rollover” effects, and more. By the end of 
the book, the reader will be able to write 
groundbreaking scripts from scratch. The 
explanations are clear, detailed, and acces- 
sible; every script, concept, and line is 
explained and illustrated. 

Designing with JavaScript: Creating 
Dynamic Web Pages (ISBN: 1-56592-300- 
6), is priced at $29.95. 


Learning Perl, 2nd Edition 

O’Reilly & Associates has released 
Learning Perl, 2nd Edition, by Randal 
Schwartz and Tom Christiansen. This 
new edition fully covers the world of 
Perl, Version 5. Examples and exercises 
have been radically updated to reflect 
typical usage under Perl 5, and the book 
has been expanded to introduce Perl 


references and CGI programming. 

Learning Perl, 2nd Edition provides 
a systematic, step-by-step, tutorial ap- 
proach to learning the language. The 
book includes numerous short code 
examples throughout all the main fea- 
tures of the language. In addition, 
each chapter contains exercise prob- 
lems, together with their solutions. 
Anyone who works through the book 
will be capable of programming with 
a broad and productive range of Perl 
features. 

Learning Perl, 2nd Edition (ISBN: 1- 
56592-284-0), is priced at $29.95. 

Contact O'Reilly & Associates, phone: 
(800) 998-9938 or (707) 829-0515, fax: 
(707) 829-0104, http://www.ora.com. 


UNIX Imaging Products 

Augrin Software/AutoGraph Inter- 
national (AGI) has announced Easy- 
Copy/Page and EasyCapture, parts of 
its EasyCopy and FleXprint product 
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lines for input, conversion, and out- 
put management. 

EasyCapture is designed for easy 
integration into applications and 
provides the screen capture function 
for EasyCopy/Page and other AGI 
products. 

Designed for UNIX workstations, 
EasyCopy/Page can import and place 
on the page images in any of the sup- 
ported formats, manually or with the 
use of autoarrange. Image size, posi- 
tion, and colors can be edited. Easy- 
Copy/Page integrates with other 
programs, which can be installed to act 
as import filters to expand the number 
of supported file formats. 

EasyCopy/ Page pricing starts at 
$1,695, and EasyCapture pricing starts 
at $395. 

Contact AGL, phone: (408) 436-7227, fax: 
(408) 436-7255, e-mail: sales@augrin.com, 
http://www.augrin.com. 
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COSMOS/Works 3.0 


CD Recording 

Kodak has announced that Young 
Minds, Inc. will provide the enhanced 
option for its Disc Transporter aimed at 
meeting the needs of users of CD-pro- 
duction systems. The adapter kit’s open 
architecture allows Young Minds to com- 
bine its CD-Recordable solutions and 
the robotics of the Kodak Disc Trans- 
porter with internal half-height CD-R 
drives from leading manufacturers. 

With this agreement, the Kodak Disc 
‘Transporter is available with CD-R drives 
costing less than $1,000. 

Working with the Kodak Disc Trans- 
porter, Young Minds CD Studio is a net- 
workable, scalable, “plug-and-play” system 
that fits a wide range of imaging and other 
CD-R applications. CD Studio combines 
innovative premastering software, an intel 
ligent controller, and CD Writer. 

Contact Kodak, phone: (716) 588- 
8167, http://www.kodak.com. 


Manufacturing Software 

ShopPro Software has announced 
ShopPro Version 8.2, which exploits real- 
time Windows graphics capabilities for a 
quicker fix on problem areas for businesses 
addressing ever-changing situations. 

A complete graphical scheduling 
system allows users to instantly review 
bottlenecks and quickly resolve schedul- 
ing conflicts. A Project Estimating Work- 
sheet assists manufacturers of complex 
equipment in developing accurate cost 
budgets for specific components or mod- 
ules. An order entry module enables 
users to process multiple line items 
against a single purchase order, while still 
permitting the ShopPro system to route, 
schedule, cost, and control line items 
individually or in total. An Executive 
Information System allows users to view 
aspects of the business that are operat- 
ing outside predetermined parameters. 

ShopPro’s Windows system runs as a 
true client-server application on PC net- 
works (Novell or Windows NT), as well 
as Windows 95 applications on HP-UX 
and other platforms. 

Contact ShopPro Software, phone: 
(513) 733-0066 fax: (513) 733-9816, e-mail: 
info@shop-pro.com, http://www.shop- 
pro.com. 


ANSI/ISO C++ Library | 
ObjectSpace, Inc. has announced that 

all versions of its ANSI/ISO C++ Standard 

Template Library (STL), sold under the 


‘brand name Standards<Toolkit>, are avail- 


able for immediate download from 
http://www.objectspace.com free for most 
commercial uses. Today the most portable 
version of STL is available on the Internet 
from ObjectSpace, complete with source 
code and online HTML tutorials. 
ObjectSpace provides several exten- 
sions to the ANSI/ISO Standard C++ 


Library, including advanced libraries for 
multithreading and distributed system 
development. These libraries work out of 
the box with the Standard C++ Library 
shipped as part of the compiler, or with 
Standards<ToolKit>, now freely available 
from ObjectSpace. The ObjectSpace prod- 
uct line of Standard Extensions includes 
Foundations<ToolKit>, Communica- 
tions<ToolKit>, and Web<ToolKit>. These 
products are also sold as a bundle called 
Systems<ToolKit>. 

Contact ObjectSpace, phone: 
(972) 934-2496, fax: (972) 663-9099, 
http://www.objectspace.com. 


New from NxTrend Technology 


Distribution Software 

NxTrend Technology, Inc. has an- 
nounced Version 8.0 of its Trend distrib- 
ution software solution. Version 8.0 
features enhancements to the existing 
product and introduces three new 
modules: Value Add, Warehouse Logistics, 
and Corporate Assistant. These modules 
incorporate emerging standards in the 
industry such as push technology, Internet 
enabling, and data warehousing. 

Trend 8.0 enhancements address the 
areas of data archiving, financial bal- 
ancing, service warranty remanufactur- 
ing, and year 2000 support. 


Distribution Management 

NxTrend Technology has also 
announced Version 17.7 of its Supply 
House Information System (SHIMS). 
The enhancements include a new login 
screen, security system, alternate access 
information setup, and menu structure. 
The new login allows quick, accurate 
access to needed software issue infor- 
mation. The new security system enables 
customized access to SHIMS accounts 


“SAP 


believes that PATROL® 

currently offers one of the 

leading solutions for in-depth 
monitoring and 
management of R/3. 
It is important that 


our customers have management tools 


Dr. Arnold Niedermaier, 


Technology Marketing 
SAP AG 


Top industry leaders are relying on 


PATROL for a reason. 


To find out why visit us on the Web 


at: www.bmc.com/patrol 
Or call today: 800 811-6766 


BMC Software, the BMC Software logos and all other product or service names are registered trademarks or trademarks of BMC Software, Inc. in the USA and in other select 
countries, ® and ™ indicate USA registration or USA trademark. Other logos and product/trade names mentioned are registered trademarks or trademarks of their respective 
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and menus. The new alternate access 
information setup provides the ability 
to customize the information that dis- 
plays in the scroll windows throughout 
SHIMS. 

Additional product tracking and cash 
application efficiency features have been 
added. 

Contact NxTrend Technology, 
phone: (719) 590-8940, fax: (719) 528- 
1465, e-mail: info@nxtrend.com, 
http://www.nxtrend.com. 


Mathematical Computation 
Wolfram Research, Inc. has released 
Version 3.0.1 of its Mathematica system. 
New optimizations have led to major 
speed increases in almost all kernel oper- 
ations under both Windows 95 and NT. In 
particular, performance on Pentium-class 
processors has been greatly enhanced. 
Mathematica now performs even 
more algebraic transformations, sums, 


simplifications, and symbolic integra- 
tions than before—vastly more than 
were possible for either computers or 
humans. 

_ Printing under Windows has been 
improved and now requires significantly 
less memory. 

Wolfram Research also announced a 
Mathematica-powered Web site, The 
Integrator (hitp://www.integrals.com) , which 
can solve integrals interactively via a Web 
browser. The user types in an integral, which 
The Integrator sends to a Mathematica ker- 
nel as a MathLink message. The integral 
is solved using Mathematica’s built-in inte- 
grate function, then returned to the ker- 
nel, which embeds the output in a Web 
page on the fly. 

Contact Wolfram Research, phone: 
(217) 398-0700, fax: (217) 398-0747, 
e-mail: info@wolfram.com, http://www. 
wolfram.com/. 

Continued on Page 66 
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Question and Answer 


QQ: In a previous column you indicated that using /p to output to a file would over- 
lay the contents; yet I observed that /p is appending instead. 


4%: Oops...When using the dumb model script, this appears to be the behavior. 
I suspect it is something inherent in the way the spooler opens the output file, 
but I don’t know of a way to change this. 

An alternative is to replace the dumb model script with one that you write in which 
the output device file is always /dev/nulland the script creates the desired file from a 
-o option. That way, users could specify their own print files on the command line. 

For users who cannot specify command line options, you could have the script 
create a unique print file, something like: 


cat > /tmp/SUID.$$.prn 


where $UID is set from the params passed to the script ($2). See the dumb script for 
info on how to parse out the user ID. The $$ inserts the current process ID (PID) 
into the string, so the user’s output file would be something like: 


/tmp/blh.1234.prn 


and every /pcommand would generate a new file name. Or the script could simply 
write to /tmp/$UID.prn, but just before starting the cat command, remove the file and 
recreate it in the script. 


Qa: As a new account manager of an HP-UX trusted system (Version 9.04) at a 
small community college, I have been using SAM to add/remove accounts for 
student e-mail. This is an increasingly time-consuming task. Is there a way to 
automate the process using other software or scripts? 


#&= You might try using the adduser script that comes with SAM. Listing 1 is 
simple batch program that will generate encrypted passwords. You can get the 
undocumented params to /usr/sam/bin/addusr by reading /usr/sam/log/samlog. As 
an example: 


addusr -u “timc” -g “users” -d “/users/timc” 
-i “Joe Doe,3179/Los Altos, 820-6537," -s “/bin/ksh” 
-p “OMx4NmUtRmVpE” -v 391 


From this logfile entry, the params can be determined: 
-u= user name 
Biel ei 
-d= home directory 
-i = full name for user 
-s = shell 
-p = password (encrypted, ready to be pasted into passwd) 
-v= user ID number 


Ongs- = M2 


The addusr program will also copy all 
files in /etc that have the form: d.<name> 
(as in d.profile and d.kshrc) to the user’s 
$HOME directory and remove the leading 
d (d.profile becomes .profile). These are 
the skeleton files needed by new users. 

As with all C programs, the #include 
statements must begin in column 1; the 
rest of the code may have leading spaces. 

For 10.xx, SAM provides a docu- 
mented useradd(1m) command with 
more options. The pw program in 
Listing I can be used with 10.xx but 
usradd(Im) does not provide an option 
to supply a password when building a 
new account. 


QE I wrote a script to perform some 
tasks in the background and it works 
when I run it from a login, but fails 
when I put it into cron or into the 
intial boot rc files. It says: Command not 


found. 


A&= Users new to UNIX systems may 
become accustomed to the login 
environment they work within, but this 
environment does not follow the user 
into non-login sessions such as cron and 
startup/shutdown. Your user ID does 
not carry with it the $PATH value or 
any other special variables set when 
you log in. “Command not found” 
probably refers to a command located 
in a non-standard location. 

There are a couple of schools of 
thought to writing such scripts: 


m Set $PATH at the start of such scripts 
to include the paths needed by the 
script. The downside is the extra 
searches required to locate a specif- 
ic program (searches in locations 
where the program does not exist). 


Password Generator Program 


#include <stdio.h> 


#include <time.h> 
/* Ist param is the desired password */ 
/* A random seed (2 chars) will be */ 
/* automatically chosen. */ 


/* For good passwords: */ 


/* Use random chars, mixed apha- */ 
ae numerics and MiXeD CaSe for */ 
‘og better protection. */ 


Main(argc, argv) 
int argc; 
char *argv[]; ’ 


{ 


char salti3i; 

char *EncryptedPasswd; 
int CheckRand; 

int Fixup; 

int SeedChar; 


printf("“\nUsage: pw <password_to_encrypt>\n\n"); 


/* Generate a random starting point for seed characters */ 


srand(time (NULL) ) ; 
for ( SeedChar = 0; SeedChar <= 1; SeedChar++) { 
CheckRand = 46 + rand() % 76; 
/* random number from 46 to 122 */ 
Fixup = 7 + rand() $ 13; 
/* random number from 7 to 20 ey 
salt[SeedChar] = toascii(((CheckRand >= 58 && CheckRand <= 64) || 
(CheckRand >= 91 && CheckRand <= 96) 
? CheckRand + Fixup : CheckRand) ); 


EncryptedPasswd=crypt (argv[1], salt); 
printf (“\nRequested pw= %s, Seed= %s, encrypted pw= %s\n’”, 
argv[1], salt, EncryptedPasswd) ; 
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m Explicitly hardcode the full pathname for the program, as 
in /usr/bin/grep -i testvalue /etc/passwd rather than 
just using grep by itself. 


I prefer the latter for efficiency but take it a step further 
to cross versions of HP-UX in which the same script runs in 
both systems: 


MYREV=‘uname -r | cut -f 2 -d .° 
if [ SMYREV -1t “10” ] 
then 
MYREV=‘echo $MYREV | cut -c 2-5° 
fi 
MYREV=*echo $MYREV | cut -c 1-12°* 
if [ “SMYREV” -lt “10.0” ] 
then 
TENO=/bin/false 
NOTTENO=/bin/true 
HPUX=/hp-ux 
CHECKLIST=/etc/checklist 
SYSLOG=/usr/adm/syslog 
SULOG=/usr/adm/sulog 
LAST=/etc/last 
FTP=/usr/bin/ftp 
HP9000300=/bin/hp9000s300 
HP9000700=/bin/hp9000s700 
GREP=/bin/grep 
IFCONFIG=/etc/ifconfig 
USRTMP=/usr/tmp 
IOSCAN=/etc/ioscan 


else 


TENO=/usr/bin/true 
NOTTENO=/usr/bin/false 
HPUX=/stand/vmunix 
CHECKLIST=/etc/fstab 
SYSLOG=/var/adm/syslog/syslog.log 
SULOG=/var/adm/sulog 
LAST=/usr/bin/last 
FTP=/usr/bin/ftp 
HP9000300=/usr/bin/hp9000s300 
HP9000700=/usr/bin/hp9000s700 
GREP=/usr/bin/grep 
IFCONFIG=/usr/sbin/ifconfig 
USRTMP=/var/tmp 
IOSCAN=/usr/sbin/ioscan 

fi 
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This preface to the script means that I can write a script 
using $GREP or $FTP (rather than just the program names) 
and be assured that a full pathname will be used. In the exam- 
ple, you can see other features that have been coded to match 
the op system rev. 


QQz | am writing a shell script that needs to strip out just 
pathnames from a file containing full pathnames and 
filenames, but dirname seems to be quite slow. Any alternatives? 


#&= Several. Assume that the file was created from a find 
command as in: 


find /usr/share/lib/terminfo > /usr/tmp/testme 


l. sed -e “s:/[*/]*$::” /usr/tmp/testme 
2. while read MYPATH; do echo ${MYPATH%/*}; done < 
/usr/tmp/testme 


3. perl -pe ‘s:(.*)/.*:$1:’ < /usr/tmp/testme 


QQ? | just installed a 10.xx system and my users are unable 
to log in using ftp. The error is “incorrect password.” Telnet 
works just fine. What’s happening. 


4X: fip isa special environment;. it does not log in as would 
a terminal but instead uses the ftp daemon to handle user 
validation. However, the user’s choice for a shell (from the 
password file) is not used by ftp in the same way as telnet. 
Instead, it validates that the user’s shell is found in the 
/etc/shells file. Be sure all the shells used on your system are 
listed there for the use of the getusershell(3c). 


Qi: How does the man command process a man page, 
especially if the page is compressed? 


#&: Here’s the equivalent of the man command: 


cd /usr/man/cat1.Z 
cat id.1 | zcat | tbl -TxX | neqn | nroff -man | col -x | 


more 


Note the use of cat piped to zcat. zcat insists on appending 


_& 


.Zto any filenames without the .Z exten- 
sion, so the pipe protects the filename 
from this behavior. 


QE I have seen patches that offer a 
new LVM bad block relocation policy 
at 10.x. How does it differ from the 
existing policies and how is it 
enabled? 


4&5 The bad block relocation policy 
is set via the luchange or lwvcreate 
command. The -r option is used: 


# lvcreate/lvchange -r y|n|N 


The y flag means that bad block reloca- 
tion will be used when a bad block is 
encountered. This means that an alter- 
nate block will be allocated from a 
reserved pool. The bad block directory 
will contain the bad block and the alter- 
nate. If the relocation is successful, no 
error is returned at the application level. 
All subsequent I/O for the bad block 
will be directed to the alternate. 

The n flag means that LVM does not 
attempt to relocate the bad block. 
Instead, it is marked as defective in the 
bad block directory. Subsequent I/O to 
this block will not be attempted since it 
exists in the directory. 

The N flag means that LVM does not 
attempt to relocate the bad block, but 
it is not added to the bad block direc- 
tory. Subsequent I/O to this block will 
continue to be attempted. 

It is important to understand the dif- 
ference between the nand N. Ifa block 
is marked in the bad block directory, 
LVM will not attempt to access this 
block. Therefore, if the bad block, which 
appears in the bad block directory, has 
been fixed (e.g., diagnostics used to 


hardware spare the block), LVM will still return an error. This will be the case when 
policy nis being used. If policy Nis being used and a bad block is hardware spared, 
LVM will access the block successfully once fixed. 


Qi: What is the maximum amount of shared memory available at 10.30? 


4%: At 10.20, the maximum amount of shared memory is 1.75 GB. At 10.30, 2.75 
GB is the maximum shared memory size. Applications can address up to a 
system-wide limit of 2.75 GB of shared memory. This 2.75-GB limitation is also 
available at HP-UX 10.20 with patches. 

Only executables that are linked to the new SHMEM_MAGIC executable type can 
access up to 2.75 GB of shared memory. Note that SHMEM_MAGIC is an interim 
solution until 64-bit addressability is available with a true 64-bit kernel. 


® 


QQE Is it possible to tell when a product or bundle was installed on a system? 


4#%= You can obtain this information via the swlist(1M) command. It is possible to 
display attribute information regarding objects at all levels. The man page for 
sd(4) describes all of the attributes. To find the installation date of the product 
Glance: 


# swlist -a install_date -1l product Glance 
# Initializing... 
# Contact target “systemB”... 
# Target: systemB:/ 
= 
Glance 199704181415.36 


The output shows that the product was installed on April 18, 1997 at 14:15:36. 
Using the ~-v option with swilist will also display all of the attribute values for the spec- 
ified level. Here is a small amount of output from the command: 


# swlist -v -l product Glance 


Glance 
product 
tag Glance 
data_model_revisio 2.10 
control_directory Glance 
size 20598716 
revision B.10.20.89 
title HP GlancePlus/UX 
date 04/18/97 14:15:36 EDT 
timestamp 861387336 
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install_source systemA.atl. hp.com: /teno/800/10.20/Jan97.3 


install_type physical 
HP-UX_B.10.20_700/800 
9000/ [678] ?? 


GLANCE GPM GPM-JPN 


architecture 
machine_type 
all filesets 


location /opt/perf 


Qa= What is DHCP and how is it used? 


#&= DHCP is an acronym for “Dynamic Host Configuration Protocol.” It is an 
emerging Internet standard defined by these Internet RFC’s: 


RFC 1541 Dynamic Host Configuration Protocol 

RFC 1542 Clarifications and Extensions for the Bootstrap Protocol 
RFC 1533 DHCP Options and BOOTP Vendor Extensions 

RFC 1534 Interoperation Between DHCP and BOOTP 

From RFC 1541: 


“The Dynamic Host Configuration Protocol (DHCP) provides a framework for 
passing configuration information to hosts on a TCP/IP network. DHCP is based 
on the Bootstrap Protocol (BOOTP), adding the capability of automatic alloca- 
tion of reusable network addresses and additional configuration options. DHCP cap- 
tures the behavior of BOOTP relay agents, and DHCP participants can interoperate 
with BOOTP participants.” 

The overall purpose of this is to reduce the work necessary to administer a large 
IP network. DHCP servers have been supported at HP-UX 10.10 and later releases. 
DHCP addressing has been supported since HP-UX 10.20 for Series 700 and Series 
800 clients, through either auto_parms(1M) or Ignite-UX. The term “client” indi- 
cates a system that receives its IP address assignment from a DHCP server. 

The DHCP server can be administered through SAM or manually. Via SAM, a num- 
ber of tasks are available from the “Bootable Devices” subarea within the “Networking 
and Communications” area. The command line tool dheptools(1M) further simplifies 
the management of DHCP devices. 


©Q= Must my system be running 10.10 to update to 10.20? 
4#%&= No. You can update your system directly to 10.20 from 10.01. 
At 10.01 or 10.10, you must install and run swgettools from your 10.20 media to get 


the appropriate SD tools on the system. For more information, please refer to 
Installing HP-UX 10.20 and Updating 10.0x to 10.20 (B2355-90119). 


QQ= Is HP VUE still available at 10.302? 
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A&= At HP-UX 10.30, HP VUE is no 
longer shipped on HP-UX systems. 
HP VUE is obsolete. At 10.30, HP 
VUE as the HP-UX desktop appli- 
cation is replaced by the industry 
standard UNIX desktop product, CDE 
(Common Desktop Runtime 
Environment). HP-UX 10.20 is the 
last release of HP-UX on which HP 
VUE is supported. HP VUE 3.0 was 
the last version of HP VUE released. 

The VUEtoCDE application provides 
a way to migrate individual and system- 
wide HP VUE customizations to the 
CDE desktop. VUEtoCDE is included with 
the HP-UX 10.10, 10.20 and 10.30 oper- 
ating systems. Refer to HP CDE Getting 
Started Guide (B1171-90104) for instruc- 
tions for using VUEtoCDE. 


QQz Is the file /etc/disktab still used at 
10.x? 


Maz lt’s possible still to use /etc/disktab 
when creating file systems, but its use 
is discouraged. The file is provided 
only for backward compatibility with 
previous releases. The command 
newfs(1M) uses appropriate parameter 
defaults based on the size of the file 
system. These defaults can be 
overridden with command line 


options. 


QQ: Do I need to reduce the mirrors 
of system logical volumes before I 
update my system? The mirroring 
software will not be updated because 
it is on the application media. 


4A It is not a requirement to reduce 
the mirrors. Although the mirroring 
product will not be replaced during 


Make Performance Tuning 
Easy With SarCheck’ 


, SarCheck is the answer to your performance tuning problems. 
Regular use lets you know exactly what’s happening with your system 
resources and helps you maintain control of them. 


Understand what’s Happening 
SarCheck helps you make sense out of sar data 
by translating pages of confusing output into a 
concise, easy-to-read report - complete with 
tuning and upgrade recommendations. 


the operating system update, your 
existing mirrors will still be recognized. 

However, it is possible to use for your 
update a disk depot that contains both 
operating system products as well as appli- 
cation products. Use the sweopy(1M) com- 
mand to create the depot. 


Maintain Full Control 

Regular use of SarCheck keeps you in control 
of your system resources and lets you make intel- 
ligent, informed decisions about them. 


Plan for Future Growth 


Q What is HPDPS? 


AX: DPS stands for Distributed Print 
Service. It was introduced at 10.20, 
and its basic functionality is bundled 
with HP-UX. HPDPS can handle 
networks with thousands of printers, 
spoolers, and clients. 

It can automatically select printers 
that are appropriate for a print request 
based on the requirements of the job. 
It can be configured to balance the 
workload for a pool of printers. It is com- 
patible with existing /p- and Ipr- based 
spoolers on supported systems. HPDPS 
functionality can be accessed via lp 
spooler commands. Both HPDPS and 
the /p spooler can be installed and con- 
figured on the same system. El 


General HP-UX questions are answered by 
Bill Hassell, a support engineer at the HP 
Atlanta Response Center. He can be contacted 
via e-mail at blh@hpuerca.atl. hp.com. 
Workstation questions are answered by Susan 
Potter, an HP-UX system support engineer 
in the Atlanta Response Center. Her e-mail 
addvress is sup@atl. hp.com. 


SarCheck’s Built-in capacity planning features 
allow you to plan for growth - before slow-downs 


or problems occur. 


PE 


SOFTWARE INC. 


¢ HEWLETT 
PACKARD 


Channel Partner 


PO Box 1033, Plaistow, NH 03865 
(603) 382-4200 Fax (603) 382-4247 http://www.sarcheck.com 


CIRCLE 26 ON READER SERVICE CARD 


Se Confluent. 


Pe, ed 


Confluent, Inc. 

132 Encline Court 
San Francisco, 
California 94127 
415-586-8700 Voice 
415-586-8838 Fax 


ysands of aes 
Ss 


UNIX 
Diagramming 
& Flowcharting 


Use Visual Thought for: 

+ Software design diagrams (Booch; Rumbaugh, 
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+ Clickable Web diagrams with GIF/JPEG and 
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+ Framemaker documentation graphics w/ MIF, EPS! export 

+ Network diagrams with network component clip art 

+ Dataflow diagrams, org charts 

+ Presentation & business graphics 

+ Graphical pre/postprocessor for other tools or simulators 


@ CD-ROM, FTP 
Additional benefits & 30-day trial 


+ Intelligent, rubberbanding lines 

+ Macintosh-like ease-of-use . . . on UNIX! 

+ Editable, WYSIWYG drag-and-drop palettes 

+ Hyperlinked, hierarchical documents 

+ Arbitrary object rotation 

+ Complete text handling: subscripts, arbitrary fonts, sizes, 
colors, styles and justification 

+ Dozens of export formats: GIF89, JPEG, MIF, TIFF, EPSI, 
XWD, SunRaster, others 

+ Available on SunOS, Solaris, HP-UX, 
and soon, Windows 95/NT 
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Configuring and Managing File 
Access 

This month I'll be discussing a fairly 
basic but nonetheless critical part of 
administering and securing your system: 
File Access. I'll discuss the traditional 
approach in UNIX, describe some HP- 
UX-specific enhancements to this 
approach, and then discuss a newer and 
better way of restricting who can access 
your files. 


Traditional Access: /etc/group 
and chmod 

The traditional way to restrict access 
to a file in all flavors of UNIX is to set 
permissions on the file. There are three 
levels of permissions: Owner, Group, 
and World or Other. For each file, per- 
missions can be defined on what each of 
these levels can do to/with the file. The 
choices are: Read, Write, and Execute. 
The permission on a file can be set to 
allow any combination of the permis- 
sions for each of the levels. 

The ownership of a file is divided into 
two parts: the Owner and the Group. 
The Owner is often the person who cre- 
ated the file and is considered the ulti- 
mate authority on its use. The Group 
ownership is a grouping mechanism to 
allow multiple users who share some- 
thing in common access to the file. The 
Group permission is necessary to add 
an additional layer of ‘my coworkers’ 
between the Owner and everyone else. 

For example, if the Owner of a file 
is George and the file is part of the 
source code to an application, you may 
want the other developers on the team 
to be able to read the file but not mod- 
ify it (or you may want them to be able 
to modify it also). But you don’t want 
the members of the Accounting group 
to access it. 


by Chris Curtin 


Executing /s -al or l/on a file will list 
the permissions, the owner, and the 
group for the file. 

For more information about setting 
the owner, group or permissions on a 
file see: chown(1), chgrp(1), and chmod(1). 

Access permissions seem pretty sim- 
ple until you think about a real-world 
system. In a real system, you would want 
your users divided into groups around 
their jobs. You might have a system 
administration group, a COBOL devel- 
oper group, a testing group, a C++ devel- 
opment group, and a management 
group. First, how do you specify the pri- 
mary group for a user and how do you 
allow a user to be in multiple groups? 

The first question, how to specify 
what the primary group for a user, is 
easy. The default group is specified in 
the / etc/passwd entry for the user. You 
can use SAM to change this. 

The second question, how to allow a 
user to belong to multiple groups is also 
easy. The file /etc/group contains an entry 
for each group and lists the users who 
are part of that group. Theoretically 
there is no limit to the number of 
groups a user can belong to or the num- 
ber of users in a group. In practice a 
large number of either is hard to main- 
tain. (Also HP-UX has had some bizarre 
bugs at the file access and NFS levels if 
a user belonged to too many groups or 
too many users were part of a group. 
Check that you have the latest patches 


before trying to redesign your group 


scheme.) 

Now that users are part of multiple 
groups, how do they indicate what 
group they want to belong to at the cur- 
rent time? By default when users log in, 
the system sets the group to the default 
from the /eic/passwd file. If they want to 
change groups later, they can use the 


newgrp(1) command. 

I’m not sure of the history, but I 
would think that newgrp was a com- 
mand to create a new group, not 
change it. However, chgrp, which is used 
to change the group of a file, was 
already taken. 

Note: you can add a password to each 
group in /etc/group, which requires that 
the user provide the password before 
newgrp will change the current group 
for a user. I don’t know of anyone who 
uses this feature and, in the 10.00 doc- 
umentation, HP recommended against 
using it. No reason was given why not 
to use it. 


Determining Access Permissions 
To A File 

Once the groups have been config- 
ured, it is important to know what steps 
the operating system goes through to 
determine if a user can access a file. In 
a nutshell, the following are tried: 


1. If the ID of the user matches that 
of the file, the Owner permissions 
are checked. If the permission is 
granted, the access is allowed. 

2. If the current Group ID of the user 
matches the Group ID of the file, 
the Group permissions are checked. 
If the permission is granted, the 
access is allowed. 

3. Finally, the World/Other per- 

If the 

permission is granted, the access is 


missions are checked. 


allowed. 


You'll notice that only the current 
Group ID of the user is checked, not 
the Group ID of all the groups the user 
belongs to. The user is forced to use 
newgrp to be given group-level access if 
the default group does not match the 
Group ID of the file. 
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HP-UX Enhancement: 
/etc/logingroup 

HP-UX adds a feature to the tradi- 
tional file access rules: /etc/logingroup. 
This file defines the list of all Group IDs 
to be assigned to a user at login time. 
This prevents the problem specified in 
the previous section, where a user must 
use newgrp to access a specific file. 

The upkeep of the /etc/logingroup file 
is not handled by SAM. Therefore most 
installations link /etc/logingroup to 
/etc/group. This way all changes to 
/etc/group are reflected in the user’s 
environment. 

Note: linking these files together 
restricts the granularity of the func- 
tionality /etc/logingroup provides. You 
may not want your users to have access to 
certain files by default. Sometimes it is 
necessary to force them to change their 
group before accessing the file. System 
administration scripts come to mind as 


one area where this functionality might 
not be that useful. 


Additional Group Functionality 

HP-UX also adds some additional 
group-level functionality that allows all 
members of a group a specific permis- 
sion. These permissions often do not 
have anything to do with file access, or 
those that do are used in a specific way 
by the operating system. 

The command to do this is setpriv- 
grp(1M). I could write an entire column 
about this command, so I'll just give an 
example of its use: 

Long-time readers will remember my 
column about setting up a real-time getty 
on the system console. In that article we 
used the setprivgrp command to allow a 
group of users to define real-time prior- 
ities on a process. The command was 
setprivgrp -g RTPRIO. This command 
gave all groups (the -g option) the abili- 
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systems 


ty to run processes in real-time. 


Problems With Traditional File 
Access 

The traditional way of providing access 
to files is certainly a strong system. It is 
implemented on a lot of systems and most 
users understand it. However there are 
still several problems with it: 


1. Without the HP-UX enhancement of 
/etc/logingroup, users must remember 
to use the newgrp command to access 
files not in their default group. 

2. Upkeep of /etc/group is cumbersome, 
so most systems place all users in a 
‘users’ or ‘staff’ group, in effect, 
removing the usability of the Group 
file permission. Since everyone is in 
the same group, why use group-level 
permissions? 

3. If you want to allow only specific 
people access to a file, they must be 
in their own group. Since only root 
can modify /etc/group, users cannot 
create their own groups to restrict 
access to their files at this level. 


Access Control Lists (ACL) 

A solution to the problems defined in 
the previous sections is a user-level per- 
mission list, Access Control Lists (ACL). 
ACL allow a user to specify, at the user and 
group level, permissions on a file. Think of 
it as giving users a key to your desk, except 
the key only works when they are holding 
it and if you told your desk it is okay. 

ACL permissions are assigned using 
the chacl command. The chacl command 
has the following format: 

chacl ‘usergroup operator mode’ file 

The usergroup defines the user ID and 
the group ID of the user being config- 
ured. The operator parameter is ‘=’ to 
define the exact permission replacing what 
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is currently defined, ‘" to remove a per- 
mission, or ‘+’ to add a permission. The 
mode parameter defines the permission. 
Values are: ‘x’ for execute, ‘r’ for read, 
and ‘w’ for write. 

For example: chacl ‘ccurtin.users 
+rw’ /etc/passwd allows the user 
‘ccurtin’ read/write access to /etc/pass- 
wa. 

You can determine if a file has an 
ACL defined for it by using /s -al or Il 
and checking the last character of the 
permission string. If it is a ‘+’ then an 
ACL is defined for the file. You can then 
use lsacl to see the configuration of the 
ACL for the file. 

My most common use of this func- 
tionality is for restricting access to com- 
mon project and system administration 
commands. Rather than defining a 
Projectl group and a Project2 group, I 
just set up ACLs for the files with the 
users who need access to them. 


Warnings About ACL Usage 

While Access Control Lists give you 
finer control of access to your files, there 
are some areas you need to be concerned 
about: 


1. Access Control Lists are not sup- 
ported on VxFS file systems. 

2. Access Control Lists cannot be ac- 
cessed across NFS file systems. The 
permission checking will occur, but 
the use of /sacl or other commands is 
not supported. 

3. Since the client cannot see the ACL 
configuration, modifications to files 
with ACL configurations on NFS file 
systems can remove the configuration. 

4. Most system commands support 
ACLs, but some, such as cpio, dump, 
and tar, do not. Remember this 
when you are moving files around 
using these commands. See the 


man page for a specific command if 
you are not sure of its effect on the 
ACLs. 

5. While the ACL concept is imple- 
mented in a number of other 
UNIX systems, I have had problems 
with interoperability between HP- 
UX and AIX (IBM’s UNIX) when 
either was using ACLs. Check with 
the vendor for the latest patches if 
you encounter problems. 

6. Remember that the use of ACLs 
changes the default way Group level 
permissions are checked. If you 
grant or revoke a permission for a 
user by explicitly listing the user in 
the ACL, the other permissions are 
ignored. For example, if user Ed 
owns a file and grants Group ‘users’ 
read access to it, he can remove read 
access for user Lisa, even if Lisa is in 
the group ‘users’. This gets really 
interesting when you are trying to 
determine why a user who should 
have access to something doesn’t. 

7. Using chmod without the -A option 
removes the Access Control List for 
a file. 


Well, that is all for this time. I hope I 
cleared up some confusion about group 
access and introduced a new concept 
that will make managing your system, 
and its users, easier. i 
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by David L. Totsch 


I AM NO PROPONENT of euthanasia, but, 
on occasion, a system administrator has to 
strap on a side-arm, hunt down an unruly 
varmint, and stop it dead in its tracks. 
These critters can be a tame process some 
user has unleashed unintentionally or 
something as wild as a system process sud- 
denly gone loco, consuming every CPU 
cycle and disk block in its path. Let’s talk 
about how to put down an unruly beast 
quickly and carefully and leave honing 
our tracking skills for later. 

Of course, the system administrator’s 
weapon of choice is not manufactured by 
Colt—1t is the standard UNIX kill(1) com- 
mand. Much more than a simple six-shoot 
er, it has 34 different shots that it can make 
(some of ‘em blanks). Unlike cartridges, 
kill’s signals strike with varying force. ‘To 
understand these signals and their impact, 
we need to read some documentation 
(probably an unusual activity for the com- 
mon gunslinger). You can start with read- 
ing the man page for signal(5). We can 
also examine /usr/include/sys/signal.h. Here 
we find the name to number mapping 
and a short description of each signal 
(scan for “/* Signal numbers */”). As ause- 
ful reminder as to what signals are avail- 
able we have kill -v, which prints out a 
list of signal names. 

When you become a gunslinger, er, 
system administrator, you are usually 
instructed to “shoot by the numbers.” 
That works well until you realize that 
there is a better technique than “kill 
minus nine works every time” (and there 
is some risk associated with such a brute 
force methodology). Using the names, 
rather than the numbers, instills some 
respect for what is happening and 
reminds us of the finer aspects of the 
command. For example, have you ever 
had a process hang inexplicably? Did 
you know that sending it a SIGABRT 


would cause a core dump to be created? 
The folks you have been corresponding 
with about the hang should be able to 
analyze the core dump and possibly fig- 
ure out why the process is hanging. You 
will be killing it forever if you do not find 
out what is causing the problem. 

Before you draw a bead on that big 
bad process to deliver a powerful “sure 
kill,” you might try a lower caliber. 
Sometimes just interrupting an outlaw in 
the midst of a crime will foil the attempt. 
Give ’em a SIGINT (“Hey, you!”). Other 
times, a bandit is nothing more than a 
well-meaning citizen that ain’t thinkin’ 
straight and you merely need to ask ’em 
to stop : SIGTERM (“Hey, you over 
there, would you please stop—that ain’t 
nice”). If none of that works, try a 
SIGQUIT (“Stop, before I have to get 
rough with ya”). Interactive processes 
may be bullet-proofed against SIGQUIT 
during important tasks, though. Just be 
sure to try something else before you 
pull out the trusty old SIGKILL. 

And why should SIGKILL be last? 
Trusty and loyal as it may be, it instructs 
UNIX to ignore the process to death. 
Don’t give it any processing time, don’t 
finish any I/O requests for the process, 
and when it gets processing time, finish 
it off. But there is a problem here. When 
a process asks for I/O, the kernel will 
send it off for a nap to wait until the I/O 
is complete, at which time the kernel will 
wake the process to handle the I/O. If 
the process is off passing time waiting for 
I/O when it is killed, the I/O will never 
happen. Therefore, the process will never 
be awakened because the I/O finished. 
If it never wakes up for the completed 
I/O, it will never get processor time, 
which means that it will never be buried. 
Yup, the living dead; a zombie. And once 
you have a zombie hanging around, you 
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have to start a whole new story, because 
zombies do not generally fit in the 
Western genre. 

Well, now that those of you who faith- 
fully watch John Wayne and enjoy re- 
runs of Bonanza are completely 
disgusted, I will stop. 

But not before I admit that this was 
inspired by one of my youthful favorites: 
Gunsmoke, There is one thing that 
none of the good guys could do that 
kill(1) can: shoot everyone wearing a 7 
black hat with one shot (take a look at Web : WWw,s@ 
“process groups” under the ps(1) and E-mail: info@sour 
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Virtual Web hosting is the process of physically locating 
multiple independent Web sites on a single host. In this arti- 
cle, we'll look at two different ways of Web hosting and how 
to implement them with the Netscape and Apache Web 
servers. Most of the configuration discussed will be directly 
applicable to all implementations of UNIX, but we will spe- 
cifically cover setting up multiple IP addresses on HP-UX. 

Virtual Web hosting is particularly important to Web 
hosting services. If virtual Web hosting were not available, 
they would be forced to make an unpleasant trade-off be- 
tween customer satisfaction and cost. On the one hand, in 
order to distinguish between multiple sites on a single sys- 
tem, the clients would have to deal with extra long URLs 
that included port numbers or path names such as 
http://www.server.com: 9000. On the other hand, if they chose 
to satisfy customer needs for simple, recognizable URLs like 
hitp://www.foo.com, every new Web site would require the 
purchase of additional hardware (networking cards, or even 
additional systems). 

Fortunately, with virtual Web hosting, we can avoid that 
trade-off. In fact, we get the best of both worlds. Web host- 
ing services can support the largest number of customers in 
the most cost-effective manner, while the implementation 
remains completely transparent to customers. 

As with anything “virtual,” there are different ways to im- 
plement hosting. Let’s look at the two main options: using 
enhancements to HTTP (HyperText Transfer Protocol) 
that directly support Web hosting and, alternatively, assign- 
ing multiple IP addresses to a single network interface. 


HTTP 1.1 

If www.foo.com and www.bar.com are to be hosted on a single 
machine with only one IP address, there must be some other 
way to tell them apart. Although the URLs will be textually 


different—htip://www.foo.com vs. http://www.bar.com—since 
they both map to the same IP address, the browser ends up 
connecting to the same HTTP server in both cases. Version 
1.1 of HTTP resolves this ambiguity by having the Web brows- 
er send the host portion of the URL as an additional field in 
the request. That way, the server can act on this information, 
and provide the appropriate data back to the browser. For ex- 
ample, here’s the request that an HTTP 1.1 compliant brows- 
er could send for http://www.foo.com/products.hthnl. 


GET /products.html HTTP/1.1 


Host: www.foo.com 


The server will now know to retrieve products. html from 
the document root of the www.foo.com server that it is host- 
ing on the system. 

As it turns out, Netscape Navigator has sent the Host 
field since Version 2.0. Microsoft’s Internet Explorer 3.0 
sends it as well. Netscape’s Enterprise Server and the 
Apache server recognize the Host field. If you know that all 
of your client browsers will support it, you can safely choose 
this method. This is not currently a realistic assumption if 
your client base is the Internet community at large. 


Multiple IP Addresses 

If you don’t know whether browsers will send the Host 
field, you can distinguish between different Web sites on a 
single system by assigning multiple, unique IP addresses to 
your existing network interface. Even if you knew all your 
clients were HTTP 1.1 compliant, you still might want to as- 
sign individual sites their own IP addresses. For instance, if 
you're running a Web-hosting service, you might want to 
characterize traffic for individual customers. Web server 
logs do not provide detailed statistics such as the number of 
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Patch Numbers as of 4/97 


HP-UX Version ifalias Patch ARPA Transport Patch 


10.01 PHNE_7107 s700—PHNE_9102 
s800—PHNE_9103 
s700—PHNE_9104 
s800—PHNE_9105 
s700-PHNE_9098 


s800—PHNE_9099 


10.10 PHNE_7108 


10.20 PHNE_7109 


bytes transferred. With independent IP addresses, lower- 
level components of the system, such as routers and net- 
work management tools, can be aware of the impact of 
individual sites on the network. 

Netscape’s Enterprise Server 2.01 requires running a sep- 
arate process of the Web server for each individual IP ad- 
dress. The Apache server can also run separate processes 
bound to different IP addresses, but it supports requests to 
multiple IP addresses in the context of a single process as 
well. Fewer processes obviously take up fewer system re- 
sources. However, just as with the decision to implement 
separate IP addresses, you may well want to run separate 
processes for each Web site. Giving each Web site its own 
process allows you to characterize the impact of each 
process individually on total system performance. Software 
like HP’s Process Resource Manager could then be used to 
further manage scheduling. 

Another reason why you might choose separate 
processes is security. In the case of a Web-hosting service, if 
you allow customers to log in and manage their own Web 
sites on your system, you will want to ensure that they can 
modify only their own configuration and content. This 
would naturally dictate a separate instance of the Web serv- 
er for each customer, with appropriately configured permis- 
sions. Another fringe benefit to this approach is that 
migration of individual Web sites is easier. 

Next, we’ll look at how to set up multiple IP addresses on 
HP-UX. For other versions of UNIX, this functionality is 
typically available in the ifconfig command. Please see your 
vendor’s documentation for detailed information. 
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HP-UX ifalias Command 

To configure multiple IP addresses on HP-UX 10.x, you'll 
need the ifalias command, available in a patch. Be sure also 
to install the most recent ARPA transport cumulative patch. 
(This is because there is a bug in the 10.x kernel networking 
code that fails to distinguish between sockets bound to dif- 
ferent IP addresses listening at the same port.) Table 1 con- 
tains patch information for different versions of HP-UX. 

I strongly recommend that you upgrade to a recent ver- 
sion of HP-UX. Version 10.20 has networking enhance- 
ments that improve the performance of Web servers. 

Here is an example of how you might use ifalias to add 
the IP address 1.2.3.5 to a system: 


% ifalias lan0d add 1.2.3.5 


After running #falias, you can verify the newly assigned IP 
addresses with netstat. 


% netstat -in 


The ifalias command (actually, the SIOCADDIFADDR 
ioctl() in the kernel) does not allow the addition of IP ad- 
dresses that are outside the subnet as defined by the prima- 
ry IP address and subnet mask. The reason for this 
restriction is the nature of IP routing. For example, for the 
IP subnet 1.2.3 with subnet mask 255.255.255.0, only IP ad- 
dresses that start with 1.2.3 are recognized: 1.2.3.1, 1.2.3.2, 
and so on. If you were suddenly to introduce a system with a 
foreign IP address on that network, e.g., 9.8.7.6 and subnet 
mask 255.255.255.0, it would not be able to talk to anyone; 
nor would anyone know how to talk to it. The router on the 
1.2.3 network would forward packets only to and from hosts 
on the 1.2.3 network. (It 7s possible to configure a router 
explicitly to handle multiple IP subnets within a single phys- 
ical network, but this is not the norm.) 

This restriction becomes an issue if you want to test virtu- 
al Web hosting on your workstation and all available IP ad- 
dresses in your subnet are already in use. What do you do in 
that case? Well, here’s a clever trick you can use to get 
around this problem, without having to resort to hijacking 
someone else’s IP address. All implementations of TCP/IP 
recognize 127.0.0.1 as another IP address referring to the 
loopback interface of the local system (called localhost or 
loopback). So instead of using ifalias to configure a new IP 
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virtual web hosting 


address, just treat 127.0.0.1 as an additional, unique IP ad- 
dress already bound to your network interface! 

Now, let’s go through the configuration of a virtual Web 
host from start to finish. 


Configuration 

We will be working with the machine canonically named 
www.foo.com, IP address 19.97.2.10. We would like to host 
www.bar.com on the same box. In the cases in which 
www.bar.com has a separate IP address, that IP address is 
19.97.2.11. The document root directory for www.bar.com is 
/usr/local/htdocs/bar. 


DNS 

If we wanted to configure www.bar.com with a different IP 
address, we would add this record to the appropriate name 
server db file: 
www.bar.com. IN A 19 . Sees 
We would also add the corresponding PTR record to 
db.19.97.2: 

11 IN PTR www.bar.com. 
a 

This is the exact same procedure we would follow if we 
were adding www.bar.com as a new host. 

If we want to configure www.bar.com with the same IP ad- 
dress as www.foo.com, we have two choices. We could add an 
A record for www.bar.com, with the IP address 19.97.2.10. It 
makes more sense in this context, though, to add a CNAME 
record (alias) pointing to www.foo.com: 
www.bar.com. IN CNAME www.foo.com. 

In this case, we would not add any PTR records. Reverse 
lookups would return the canonical name of the system, 
www. foo.com. 

Now that we’ve updated DNS, we can go ahead and con- 
figure the Web server of our choice. 


Netscape Enterprise Server 

The Netscape server products can be administered very 
flexibly. Administration can be done either through a Web 
browser or by manually editing configuration files. 
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Manually edited changes are reflected in the administration 
server and vice versa. 

First, let’s cover the case in which there’s only one IP ad- 
dress and the Host field is being relied on to disambiguate 
requests. Netscape calls this option Software Virtual Servers. 

To set up a software virtual server through the adminis- 
tration server: 


1. Connect to your administration server from your Web 
browser and select your Web server 

2. Click on Content Mgmt in the upper frame 

3. Click on Software Virtual Servers in the lower left frame 

4. Type www.bar.com in the URL host field, and 
bar/index.html in the Home page field 

5. Click OK; then click Save and Apply to save and apply 
the changes. 


As a result of doing this, the following lines will be added 
to the obj.conf server configuration file. Had you preferred, 
you could have bypassed the GUI and added these lines 
manually: 


<Client urlhost="www.bar.com”> 
NameTrans fn="home-page” path="bar/index.htm1” 
</Client> 


The path specified here can be either absolute or rela- 
tive to the document root. 

Netscape has a technical note on Software Virtual 
Servers at 


http://help.netscape.com/kb/server/960804-21.himl 


As mentioned previously, to install the Netscape server at 
a different IP address, you need to create a separate instance 
of the server. But before you do that, you must make sure 
that any already-configured Web server is bound to its own 
IP address alone. This is because by default, Web servers are 
configured to bind all local IP addresses. So if you took no 
other action, your first Web server would respond to re- 
quests to all other servers. To set this up in the administra- 
tion server, select your Web server, and click on Network 
Settings in the lower left frame. Type in the specific IP ad- 
dress—in our case, 19.97.2.10—in the Bind To Address 
field. Or, you can add the following line to magnus. conf: 


Address 19.97.2.10 


With that settled, you’re ready to install a new instance of 
the Netscape server: 


1. Select Install a New Netscape Enterprise Server 

2. Fillin Server Name with www.bar.com 

3. Fill in Bind address as 19.97.2.11 

4. Fill in Server Identifier with bar 

5. Fill in the Document Root field with /usr/local/htdocs/bar 


If, instead, you want to create another instance of the 
Web server from the command line, replicate the current 
configuration files in a new, parallel hierarchy, then modify 
the files as appropriate. The administration server will auto- 
matically recognize the new instance. For example: 


% mkdir /usr/ns-home/https-bar 
% cp -r /usr/ns-home/https-foo/* /usr/ns-home/https-bar 


% vi /usr/ns-home/https-bar/config/*.conf 


Apache Server 
The documentation for the Apache server has detailed 
information on configuring virtual Web hosting: 


http://www.apache.org/docs/virtual-host.html 
http://www.apache.org/docs/mod/core.html#virtualhost 
http://www.apache.org/docs/host. html 


In the Apache server, both methods of virtual Web host- 
ing, Host field and multiple IP addresses, can be handled 
with the same VirtualHost directive in httpd.conf: 


<VirtualHost www.bar.com> 
ServerName www.bar.com 
DocumentRoot /usr/local/htdocs/bar 


</VirtualHost> 


Had we wanted to manage the different Web servers in 
different processes, we would do much the same thing as 
with the Netscape server. We would replicate the hierar- 
chy of configuration files. And once again, we would have 
to make sure that each process was bound only to its des- 
ignated IP address. To do that, we would add this line to 


the httpd.conf for www.foo.com: 

BindAddress 19.97.2.10 

and this line to the hitpd.conf for www.bar.com: 
BindAddress 19.97.2.11 


Flexibility 

There are other applications beyond the scenario we 
have used of a Web hosting service. For instance, you can 
advertise different host names to different target audiences 
and customize the information presented to them, lever- 
aging a common content base. Virtual Web hosting gives 
the Webmaster a great deal of flexibility in managing Web 
name spaces. it 


Kartik Subbarao is a technical consultant in Hewlett-Packard’s 
Professional Services Organization. He has a BSEE from Princeton 
University, and an MSEE from Stanford University, with a focus 
in Computer Engineering. Kartik is currently developing software 
components for HP's Internet consulting solutions. 
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It seems 
as if we live 
in a reactive 
world. Some- 
thing happens and 
we react to it. These 
scenarios can lead to 
stressful situations and 
there is no shortage of stress 
these days. If these situations 
lead to stress, it stands to reason 
that the opposite would lead away 
from stress. Therefore, the opposite 
of reactive is proactive. Proactive, by def- 
inition means to be in favor of or sup- 
portive of being active. In other words, take 
action/control of a situation before it takes con- 
trol of you. 

One of the proactive things you can do regarding 
HP-UX is to have a plan or strategy for patching your 
computers. If you have already made a decision to patch 
your system(s) proactively, you have made a step in a good 
direction. The next step is to determine the how, what, when, 
and where. In other words, you need to develop your patch- 
ing strategy. 

Before getting into what strategy makes sense for you, let 
us first consider what patching approaches can be taken. 
Operating system patching is much more than a simple yes or 
no. Yes, we patch or no, we do not patch. Consider the fol- 
lowing diagram; at any given time, you are at some point on this 
line. You may be directly on one of the letters or you may fall 
between two letters. However, just because you are at a certain 
point today, don’t think you will always be at that same point. 


A B C D E 
A - apply no patches 
B - apply a patch for a specific problem (reactive) 
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C - conservatively apply patches (proactive) 
D - aggressively apply patches (proactive) 
E - apply every patch 


A and E would probably be considered unique 
and special cases. B’s are either truly of the mind- 
set, “if it ain’t broke, don’t fix it” or they are for- 
mer A’s in a jam. This leaves us with C and 
D. As you can see, they are both in the cat- 
egory of proactive. Now almost every- 
one, either consciously or not, is at 
some point on this line. Further- 
more, the point at which you are 
today may not be the point 
where you were a year or 
two ago. We tend to 
change in relation to 
circumstances. 
However, for the purpose 
of this article, with and the 
idea of maximizing system up 
time, the proactive patching, i.e., con- 
servative or aggressive, is what needs to be 
determined. Proactive patching in a broad 
sense means that nothing you are aware of is specif- 
ically or significantly wrong or broken. So, if we look 
at the two types, conservative proactive and aggressive 
proactive, here are some of the things we'll see. 


Aggressive Proactive Patching 

When your system is in a dynamic state, e.g., new or mod- 
ified application systems are being introduced often or on a 
regular basis, the chance of running into a problem is greater. 
Also, when new code is introduced, it may mean configuration 
changes and/or an increase in system load. All of these changes 
have the potential of creating new scenarios that can lead to 
system related problems. With HP’s large installed base of sys- 
tems, the new problem you have just encountered already 
may have been experienced at another site and a fix or 
workaround may already be available. For these reasons, an 
aggressive proactive patching plan should be considered. This 
means new patches should be installed on a regular basis. 
Ideally, the aggressive approach should have a good test envi- 
ronment that closely resembles the production environment 
for testing purposes. 
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Conservative Proactive Patching 

When things are in a fairly static state on your system, i.e., few 
changes are being introduced, the chances of encountering new 
problems are far less as compared to the dynamic environment. 

Patches should still be applied, but on a less frequent basis. 
Possibly, only critical patches should be applied. You may cycle 
through periods where aggressive makes sense and then go into a 
more static phase where you can take a more conservative approach. 


Things to Consider When Developing Your Strategy 

Developing your patching strategy for a single system is 
obviously much easier than for an entire enterprise. A single 
system can be categorized for what it does. An enterprise is 
made up of many systems and it is therefore more difficult to 
be exclusively conservative or aggressive. Therefore, you may 
have a mixture in your overall enterprise patching strategy. 

Following are a number of ways for you to obtain HP-UX 
patches. Listed with each method are a few of the benefits 
and trade-offs. 


1. HP Electronic Support Center 
Anyone who has access to the Web can browse and down- 
load HP-UX patches from the following url: 


http://us-support.external. hp.com 


Current HP-UX patches that are in a GR (general release) 
state are available to be downloaded from this Web site. You 
should read the patch text via the browse option to determine 
whether you want a particular patch and that all dependencies 
have been met. Also, you will find installation instructions in 
the patch text file. 


BENEFITS: 


m You can download patches when you want/need them. 

m You have the option to download many patches and sweopy 
them into a depot. This will allow you to install all the patches 
in your depot. 

g This method can be much quicker as compared to waiting for 
a tape. 


TRADE-OFF 


m You must check all dependencies (found in the patch text 
file) for each patch that you download and install. 
m Some patches can be very large in size and will take longer 
to download. 


m Some people have Web access only through their PC, not 
their HP-UX box. 


2. Extension Software CD-ROM 

Every two months, customers with a support contract with 
HP receive the Extension Software CD-ROM. The CD-ROM 
contains patch bundles for current HP-UX operating system 
levels. The 10.x patch bundles can be installed on your sys- 
tem using swinstallwith the match_target=true option. Typically, 
there will be three new patch bundles per release of the 
bimonthly CD-ROM. In other words, if the CD-ROM contains 
9.04, 9.05, 10.01, 10.10 and 10.20, three of them will be new 
bundles. The ones that are not new will be the same bundle 
as on the previous copy of the CD-ROM. 


BENEFITS: 


m Patches are tested as a “bundle” of patches. They are installed 
on HP test machines. 

m Interdependency logic is built into the bundle. In other 
words, if a patch will not install on your system and it is a 
dependent patch for another patch in the bundle, neither 
will install. 

m The CD-ROM is automatically sent every other month to the 
customers who have a support contract with HP. 

m Patches on the CD-ROM are seasoned patches. 

m This is the “ease of use” method for putting patches on 
your system. 

m These patch bundles typically contain many patches. 

m You do not have to spend time doing a patch analysis. 


TRADE-OFF: 


m If your needs cause you to be on the leading edge of tech- 
nology, you might not have the latest version of a patch. 

m You have little control over what patches go on your box. 

m Since there are typically many patches in the bundle, it will 
require more time to install and more disk space. 

= Not all patches critical to your operations are included, 
e.g., specific subsystem patches, latest kernel patches, etc. 


3. Custom Patch Manager 

Custom Patch Manager is or will be available for those cus- 
tomers who have a support contract with HP. This method of 
obtaining patches requires that you, as a customer, be famil- 
iar with doing custom patch analysis. You can access Custom 
Patch Manager from the Web at the following url: 
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http://us-support.external. hp.com 


You must register, via the Web, prior to using this tool. This 
method of obtaining patches allows you to determine what 
patches will be selected for your system. 


BENEFITS: 


mw You will get the latest patches from HP. 

mw The customer can configure and download custom patch 
bundles based on a system specification file. 

m CPM provides automated analysis; it reports dependent 
patches and patch conflicts to you. 

mw You are in control of what patches go on your system—you 
can be as aggressive or conservative as you want to be. 


TRADE-OFF: 

m You will need a person or persons knowledgeable about 
patches and the patching process. 

m Patches are not tested as a unit. 

m Basically, this method is a time vs. money decision. 


4. Reactive Patching from the HP Response Center 

Customers who have a support contract with HP can call the 
HP Response Center (800-633-3600) when a problem occurs. 
If the problem is a known problem and a patch is available, you 
can request that the Response Center engineer send that 
patch to you. 


BENEFITS: 

m= No up front work on your part until there is a problem. 

w [tis your risk, but you spend time dealing with patches only 
when a problem occurs. 


TRADE-OFF: 


mw Sooner or later a problem will occur. You will be duplicat- 
ing your efforts each and every time a problem occurs. 

= Minimum tumaround time for receiving a tape from the Response 
Center is one day. Normal turnaround time is two days. 

mw By not planning your own proactive strategy, you may very 
well spend more time patching on a per incidence basis. 


5, Proactive Patch Analysis from HP as Part of an Ongoing 
Support Contract 

Customers who have a support contract at the PSS 
(Personalized System Support) level or higher can have HP 
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send them a custom patch bundle. 


BENEFITS: 


m All of the patch analysis labor is HP’s—you do not need 
people at your site to have patching expertise. 

m You will receive custom patch bundles on a regular basis 
as per your support contract. 

m HP people doing your patch analysis typically know you 
and are familiar with your approach to patching. 

mw The custom patch bundle will contain the latest patches 
from HP. 


TRADE-OFF: 


mw The higher level support contracts cost more. 


6. Proactive Patch Analysis from HP on a Time and Material 
Basis 

Customers who do not have a support contract at the PSS 
(Personalized System Support) level or higher can have HP 
send them a custom patch bundle. This is part of HP’s con- 
sulting business and the work is performed typically on a time 
and material basis. The phone number for the time and mate- 
rial group is (888) 376-4737. 


BENEFITS: 


m All of the patch analysis labor is HP’s—you do not need 
people at your site to have patching expertise. 

m You purchase this service only when you need it. 

mw The custom patch bundle will contain the latest patches 
from HP. 


TRADE-OFF: 


m The cost of a time and material patch analysis is more than 
what a patch analysis would cost as part of an ongoing PSS 
or higher support contract. 

# Turn around time is determined by resources available at 
the time. 


7. Do Nothing ‘i 

This option is basically the same as patching on a reactive 
basis. Your plan may be to do nothing, and that works until 
something does go wrong. : 

Okay, now you are aware of conservative and aggressive 
approaches and benefits vs. trade-offs on various methods 
of obtaining patches. This information will help you decide 
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what strategy best fits your environment. It is very possible 
that your strategy could be a composite of quite a few of 
these pieces. For instance, you may have some systems for 
which it makes sense to use the Software Extension CD- 
ROM solution and also other more critical systems for which 
CPM or custom patch bundles from HP make sense. 
Another aspect of your strategy you must consider is fre- 
quency. A decision will need to be made on how often 
patches should be applied. Again, this too could vary from 
system to system. 

One of the new concepts of HP-UX 10.x is using a depot 
to store your patches. A depot is basically a directory that 
holds software products and all of the information 
required for swinstall to install from. In this case, the soft- 
ware products are the patches. You could create a depot 
for each version of HP-UX that you utilize. Patches can 
be added or removed from this depot. The command to 
add patches to your depot is sweopy and the command to 
remove patches from your depot is swremove, with the -d 
option. Therefore, you can manage your patch depot for 
the entire environment instead of looking at each machine 
individually. 

The depot can be set up on any 10.x system, and provid- 
ing it is on the network, patches can be installed across the 
network. Cufrently, to do this you would execute swinstall 
on the system that you are applying patches to and point 
back over the network to the system where the depot resides. 
One caveat to be aware of is that when you add a patch to the 
depot, you must remove any patches already in your depot 
that the new patch supersedes. The manual way to do this is 
to check the patch text file of the new patch and compare the 
patches that it supersedes with the patches currently in your 
depot. The automated way to do this is with the cleanup com- 
mand using the -d option. To do this, You must have the lat- 
est version of the cleanup command, which is in patch 
PHCO_12140. 


Review of Software Distributor 

The following is a review of SD (Software Distributor). 
First, there is a new way to handle or manage not only patch- 
es, but all software and subsystems as well. The new utility is 
called SD-UX, which is an acronym for Software Distributor 
for HP-UX. There are a number of new commands in SD. 
Following are some of the new SD commands that are rele- 
vant to patching. 


Bae p-ux/usr = nov./dec. 1997 


developing a patching strategy for hp-ux 10.x 


COMMAND PURPOSE 

swinstall install software products and patches 

swlist display information about installed products and patches 
sweopy copy software products or patches into a depot 
swremove remove software products or patches 


Another term that is new with 10.x is depot. A depot is a 
directory location that contains software for installation. When 
you get a patch from the Web and unshar it, you will have a .text 
and a .depot file. The .depot file is where the binaries are for 
that particular patch. 

It is highly recommended that you become familiar with the 
operation of the product installation tool, SD, before attempt- 
ing patch installation. The relevant document is “Managing 
HP-UX Software with SD-UX,” part number B2355-90054. 
Also, the best way to learn after becoming familiar with SD is 
to practice. This can be accomplished either on a crash and 
burn system if you have that option or by installing an “easy” 
patch and following it through the process. 


swinstall 

The SD command to install patches is the swinstall com- 
mand. There are many options to this command. By definition, 
this command is for installing and configuring software prod- 
ucts at 10.x. For the purpose of SD-UX, patches are considered 
software products at 10.x. This command can be run in three 
different “styles.” It can be run as a stand-alone command 
from the command line, or it can be run as a GUI (graphical 
user interface) or TUI (terminal user interface). The GUI 
and TUI are interactive. swinstall runs other scripts as part of 
the process to install a patch. The scripts that run are: 


SCRIPT PURPOSE 
checkinstall Tests for hardware and software configurations that might prevent install. 
preinstall Cleans up from predecessor file set; it removes obsolete files, kills daemons 
owned by file set. 
postinstall Enhances kernel functionality; adds drivers, modifies kernel 
parameters. 
configure Creates any special files, performs conditional moves of delivered files, modifies 


system configuration files, and warns/informs administrator as necessary. 


So, as you can see, swinstall does a number of things in the 
process of installing patches. As an example, if you pulled a 
patch from the Web, the command to install on a 10.x system 
would look like: 
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swinstall -x autoreboot=true 


-s /tmp/PHKL_6686.depot 


-x match_target=true 


This would be typed in at the prompt. 

The “-x” is for option parameters, and in this case we have 
told SD that autoreboot is true, which means the system will 
automatically be rebooted. Next, we told SD match_ 
target=true; this tells SD to install software (patch in this case) 
only where the file set(s) required are already on the system. 
Last, the “-s” option tells SD where to find the software (patch- 
es) to be installed. 

As with all of the SD commands, these are extremely ver- 
bose in their logging of any actions performed. All output 
from SD commands is logged in the appropriate file in the 
/var/adm/sw directory. In this case the log file would be 
/var/adm/sw/swinstall. log. 


swlist 

The swlist command displays information about software 
products that are currently on your system. Patches are con- 
sidered software products at 10.x, at least for the purposes of 
SD-UX. Again, there are many aspects and options to this 
command. For the purpose of patching, following is the szlist 
command that you will primarily use in determining what 
patches are on your system. 


swlist -1 product PH\* 


sweopy 

The sweopy command will copy software products to a direc- 
tory depot. In other words, if you want to move a patch and cre- 
ate a depot for it, you use this command. If, for instance, you 
were pulling several patches from the Web and you wanted 
to install all of then at the same time, you could put them all 
in one depot with the swcopy command. If you have three 
patches in /émp and you want to put them in one depot, you 
can do the following: 


swceopy -s /tmp/PHCO_1234.depot PHCO_1234 @/tmp/abc.depot 
swcopy -s /tmp/PHKL_5678.depot PHKL_5678 @/tmp/abc.depot 
swceopy -s /tmp/PHSS_9911.depot PHSS_9911 @/tmp/abc.depot 


‘You would now have all three patches in one depot. swcopy 


can also be executed as a GUI/TUL. 


swremove 

The swremove command does just the opposite of swinstal-— 
it removes software products. This command can be run in 
three different “styles.” It can be run as a stand-alone com- 
mand from the command line, or it can be run as a GUI (graph- 
ical user interface) or TUI (terminal user interface). The GUI 
and TUI are interactive. swremove runs other scripts as part of 
the process to remove a patch. The scripts that run are: 


SCRIPT PURPOSE 

checkremove — Checks for existence or absence of files, hardware/system/kernel configuration. 

unconfigure  Undoes what the configure script (swinstall) does, kills processes from previous 
file set, removes client-specific files, such as log files. 

preremove Moves or removes files and directories under shared directories; severs symbolic 
links from a shared directory to another shared directogy. 

postremove Removes newly emptied directories that are the exclusive property of the file set 


and reside in a shared directory; removes the file set's log files. 


For example, if PHCO_1234 needs to be removed from 
the system, 
the following command will do it: 


swremove PHCO_1234 


As long as the NOSAVE option was not used when 
PHCO_1234 was installed, the system will be returned to the 
state it was in prior to installing PHCO_1234. If the NOSAVE 
option was used, the attempt to remove the patch would fail. 

If you are at HP-UX 10.10 or below, swremovewill not regen 
the kernel or reboot the box automatically if you are remov- 
ing a patch that required a reboot when it was first installed. 
If you are at HP-UX 10.20, the default when removing a patch 
that required a reboot when installed is to regen the kernel and 
reboot the system automatically. i 
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Packard in Atlanta, Ga. He assists customers in setting up their patch- 
ing strategies and also by providing custom patch analyses . 


hp-ux/usr = nov./dec. 1997 Ty 


Software review: Facet Win 


by Greg Cagle 


Wiulaws-{n-4i) 


he subject of this review 

is FacetWin. FacetWin is a 

Windows-to-UNIX connectivi- 
ty solution provided by FacetCorp. 


Another product from FacetCorp is 
FacetTerm, which provides multisession 
capability to “dumb terminals” and PC 
terminal emulation clients on UNIX 
machines. FacetWin is supported on the 
following UNIX platforms: SCO Open 
Server 5, SCO UNIX, UNIXWare, AIX, 
SunOS, Solaris, HP-UX, Digital UNIX, 
Irix, DYNIX, and several other obscure 
UNIX variants. On the client side, 
FacetWin supports Windows 95 and NT 
clients. Server testing was conducted on 
an HP 715/80 workstation, running 
HP-UX 10.20 with some patches. Client 


rem ip-ux/usr = nov./dec. 1997 


Pints art ttt 


testing was conducted on an HP 
OmniBook 800CT notebook, run- 
ning NT 4.0 Service Pack 1. The 
FacetWin software appeared to be 
Version 1.1, CD-ROM 251. 


Features 


File and Print Services 

The file and print services provided 
by this package are essentially identical 
to those provided by the freeware pack- 
age Samba. This amounts to SMB 
(Server Message Block) file and print 
services, allowing file systems and print- 
ers hosted on a UNIX server to be visi- 
ble to and usable by SMB clients. SMB 
clients exist for many different systems 


but are primarily Windows-based 
machines. 
The evaluation package I received 
included a cute little button, reading 
“NFS” with a red slash through it 
(Figure 1). The included press 
release positions the product as 
differing from “existing con- 
nectivity alternatives” in not 
requiring PCs to run NFS. I'll 
leave it as an exercise for the 
reader to decide whether or not 
Samba and Advanced Server/UX 
exist. 


Terminal Emulation 

The terminal emulation portion of 
FacetWin (Figure 2) is a fairly simplistic 
terminal package. It is more fully fea- 
tured than the NT “telnet” client, but 
lacks power user features (such as script- 
ing) available in Reflection 1, for exam- 
ple. Terminals emulated include VT525, 


WY60, SCOANSI, IBM 3151, and IBM 


3164. There is no HP terminal emula- 
tion, which other products provide. A 
useful feature allows you to watch the ter- 
minal output (even for a specific string) 
and bring up a PC alarm. A relatively 
annoying feature is that the properties 
dialog allows you to choose between one 
of three equally irritating splash screens 
to be displayed at startup, but does not 
allow you to disable the splash screen 
altogether. The emulator is a 32-bit native 
Windows 95/NT client. According to the 
press release, the emulator “leverages 
technology built into FacetIlerm and HP- 
UX’s Terminal Session Manager.” 


PC Backup and Restore 

This feature allows the central UNIX 
server to back up and restore files to and 
from networked PCs. This may or may 
not be a good idea based on the local 
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environment and whether centralized 
simplistic backup is appropriate. The PC 
drives to be backed up must be marked 
shared, and cannot be marked read-only 
if you expect to do incremental backups. 
If the PC shared drives have password 
security protection, a rather large securi- 
ty hole exists in that the passwords are 
required to be passed in the clear from 
the UNIX server across the network. The 
backup is driven from a command line 


' program on the UNIX server called 


fa_chent that generates SMB requests. This 
is a good thing if you want to automate 
backups on the UNIX server for many 
PC clients, but the interface is typical 
UNIX (somewhat cryptic, see Figure 3) 
and is not as friendly as a point-and-click 
interface. The man page actually com- 
pares the user interface to the ftp pro- 
gram, and it’s a valid comparison! 
Interestingly enough, the man page for 
smbchent (part of Samba) also compares its 
interface to fip. And it’s roughly similar 
in functionality. Hamm. Remember also 
that if you automate the backups with 
cron in a script, the PC share passwords 
will be required to be intact on each com- 
mand line, which is a security issue. I was 
unable to get this to work on my NT 
machine; the documentation on how to 
share PC drives is Windows 95 specific 
and I couldn’t figure out how to match 
them on my NT machine. 

The functionality provided here does 
not really compare to dedicated network 
backup packages, but it’s a lot cheaper. 


Modem Server 

This feature allows PCs to share a 
modem bank connected to a UNIX serv- 
er. The current release of FacetWin, how- 
ever, allows only users of the FacetWin 
terminal emulator to share the modems, 
which limits things pretty significantly. 


FIGURE 1 


FIGURE 2 


According to the FacetWin documenta- 
tion, future releases of FacetWin will sup- 
port a communications driver to allow 


other software to access the modems. I 
did not test this feature. 


E-mail Server 

The FacetWin “mail server” is essen- 
tially a POP3 server. Comparable func- 
tionality is available in many places on the 
Internet, such as the Eudora site or the 
HP-UX Porting Center (hitp://hpux.csc.liv. 
ac.uk/). 1 installed this and it appears to 


work OK. Note that it logs every login entry 
to syslog, and there doesn’t appear to be a 
way to turn it off. 


Remote Access Support 

This allows remote PCs that use dial- 
up networking and PPP to access 
FacetWin features as well as the entire 
network via the UNIX server. All this real- 
ly means is that you have to set up PPP 
between the UNIX server and the PC, 
and the FacetWin functionality will still 
work fine. Not too surprising, I suppose. 
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FIGURE 3 


Unable to connect to share->C 


fctlclient: \> quit 


Features Not Provided 
FacetWin does not provide connec- 
tivity features that users are likely to 


already have: mail client, Web browser, 
TCP/IP stack, or FIP client. 


At-a-Glance 


FacetWin _ 

Facet Corp, A Division of 

Structured Software Solutions, Inc. 

4031 West Plano Parkway 

Plano, Texas 75093-5627 

e-mail: info@facetcorp.com 

Phone: 800.235.9901 

Fax: 800.982.9901 

http://www.facetcorp.com/ 
Pricing 

Evaluation copies are free. Single 
user pricing is $195, multiple user 
pricing scales to $125 at 100+ users. 
Annual Maintenance is $60 for a sin- 
gle user, scaling to $18 for 100+ users. 
Additional copies of the FacetWin 
manual are $20/copy. 
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lsrvr quit 
mget restore 
mkdir rlist 
mput rmdir 
nbnane user 
put 


Enter "help" or ."?" for list of commands 


Installation 

The FacetWin documentation claims 
that the installation on the UNIX server 
should take “10 to 20 minutes,” and can 
be accomplished by a “novice system 
administrator.” I suppose that’s possible 
on a clean system that’s not running NIS 
or doesn’t have similar services (such as 
Samba) already configured. 

My initial shot at installation failed, 
primarily because I had Samba installed 
and running and some connections to 
the server were outstanding (I think). I 
eventually got it to work after I reme- 
died that situation and stopped NIS. 
Perhaps my problem was that I don’t 
consider myself a “novice.” Some analy- 
sis of the installation script showed it 
performing the following steps: 


m Identify OS revision 

m Kill existing Facet daemons if running 

m Select home directory for Facet soft- 
ware. Note that this is kept in a file called 
/etc/facetwindir. 

m Break apart and install the compressed 
distribution into the home directory. 


This includes the PC client software, 
which is available from the server for 
PC installation on multiple clients 
(assuming you've got the file server 
set up appropriately—the default con- 
figuration does this in a share called 
“FacetWinPC”). 

Set up the configuration files. This 
includes a file called Share, which 
defines the file and print server con- 
figuration on the UNIX server, as well 
as facetwin.cfg, which controls the 
overall configuration of the server. 
This file includes the workgroup 
name, which can be important. 

It then runs a binary called fct_instal, 
which apparently modifies /etc/services 
and /etc/inetd.conf: Examination of the 
result showed that it commented out 
existing entries in /etc/inetd.conf for 
the nethos_ssn, nethios_ns, pop3, and ns 
services and replaced them with Facet 
entries. I’m not sure what it did to 
/etc/services; nothing obvious that I 
could see since those services all use 
well-known ports. Nowhere is the 
behavior of fct_instal documented. 
Then it puts startup and kill scripts 
in /sbin/rc2.d and /sbin/rcl.d to start 
the remote print server and WINS 
server. Note that these are set at run 
level | to kill them first (as KO10 and 
K020 scripts) and at run level 2 to 
start them last (as S980 and S990). 
The script then attempts to rebuild 
the services.byname NIS database if it 
thinks the machine is running NIS. 
In order to determine this, it looks to 
see if the file /etc/yp/Makefile exists. It 
does on my machine, but my machine 
is not an NIS server, so this part failed 
miserably. Perhaps they should look 
for a running process called ypserv to 
trigger this. I eventually had to kill the 
ypbind process temporarily in order 
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software 


for this step to work. 

m Then it sends a SIGHUP to inetd to 
force it to reread /etc/inetd. conf. 

m Finally it installs man pages and some 
other stuff and exits. 


My problem with this process is that 
it makes fairly significant modifications 
to some critical OS files and directories 
without any up-front documentation. A 
log file is provided and the modifica- 
tions were delineated clearly so I could 
more or less follow what had just 
occurred. But I would have preferred 
greatly to have this process described in 
the documentation; this would have 
allowed me to prepare the system more 
appropriately and avoid some of the 
problems I encountered. 

Installation on the PC side is fairly 
straightforward; you can either install it 
from the CD or from the shared file sys- 
tem on the UNIX server (/igure 4). It 
uses the familiar “InstallShield wizard.” 
Note that on an NT system you must be 
logged in as “Administrator.” Note also 
that the default directory for installa- 
tion is C:\FacetWin,; on my NT machine 
a better choice would have been 
C:\ Program Files\ FacetWin. 

Once the installation was complete, 
I was unable to see the UNIX server on 
the PC. The user manual spends a fair 
amount of time discussing potential net- 
working issues (for Windows 95 systems 
only), but I knew the machines were 
networked OK because I had been using 
Samba and other network-dependent 
software successfully. 

After some digging I found a small 
section in the user manual that discusses 
NTspecific issues. It turns out that there 
are four different options for configur- 
ing security on the FacetWin server: 
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FIGURE 4 


1KB Text Document 


1KB VI File 
1,608KB Application 


1KB Text Document 


m “UNIX password.” This is the default. 
It requires that the login and password 
on the PC client exactly match the 
login and password on the UNIX 
server. This will work only if your envi- 
ronment will allow transmission of a 
username/ password pair in the clear 
on your network, and if your PC client 
will generate such a thing. Apparently 
some NT installations don’t, and mine 
is one of them. Or I just didn’t have 
everything lined up correctly, which 
is entirely possible. 

mw “rhost.” This allows machines named 
in /etc/hosts.equiv or $HOME/.rhosts to 
log in without a password. This worked 
fine for me. 

m “NT server.” This one requires you 
to specify the name of an NT server 
that will authenticate the user, using 
encrypted passwords. I didn’t try this. 

m “LANMAN” authenticates the user via 
DES encryption in a separate file on 
the server. I couldn’t get this to work 
either. You have to generate a sepa- 
rate password file using a special DES 
tool called _fct_encrypt and maintain a 
separate password file. 


1/28/97 12:35 PM 
1/28/97 12:35 PM 
4/10/97 12:37 PM 
4/10/97 12:28 PM 


Once I configured the “rhost” secu- 
rity option, the file sharing worked fine. 


Usability 

I’m using the file sharing functionali- 
ty to help write this review in moving files 
around between the two systems. It 
appears to work fine and actually seems to 
connect a bit faster than Samba. The ter- 
minal emulator seems to work just fine 
also. I’ve been using the POP3 server for 
a few days now and it appears to be work- 
ing well. I do take issue with the posi- 
tioning of the “backup function”; I 
suppose that it’s possible to back up PCs 
this way, but it’s also possible to back up 
UNIX machines using far. And it’s every 
bit as much fun. 


Reliability 

I did not observe any reliability issues 
during the test period. Everything 
appeared to work as advertised (once I got 
it working), except the backup function. 
Performance : 

Not much to talk about here. Things 
seemed to perform as advertised. The 


POP3 server appeared to do as well as the 
Eudora qpopper I had been using, and 
the file services appeared to perform like 
Samba. 


Supportability 

Telephone, fax, and e-mail support 
channels are all available. I didn’t have 
the opportunity to use any of them. 


Documentation 

FacetWin comes with a 158-page user 
manual. Most of it is devoted to describ- 
ing the terminal emulation program and 
setting up Windows 95 PCs. There is very 
little discussion of the configuration of 
the UNIX server or Windows NT clients. 
Many critical functions are barely 
described. The CD comes with a 35-page 
booklet. It essentially duplicates the 
installation chapter of the user manual. 


Summary 

Quite frankly, ’'m having a hard time 
seeing FacetWin as anything more than 
some freely available technology (Samba, 
POP3, etc.) with a terminal emulator and a 
fairly limited level of integration. I can’t help 
thinking it’s more foam than beer, but the 
pricing is in line with that. i 


Greg Cagle is a technical consultant with HP's 
Professional Services Organization, special- 
wing in HP-UX and workstations. In his 
spare time he is a member of the Executive 
Committee of InterWorks, the Technical Users 
Forum of Interex. He can be reached at 
(503)5 98-8205 or gregc@hpupora.nsi: hp.com. 
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by Bob Combs 


IT’s HARD TO IMAGINE constructing a 
subsystem without process synchro- 
nization. It is used whether the subsys- 
tem consists of multiple cooperative 
programs or a multithreaded program. 
As the name implies, process synchro- 
nization sequences tasks among threads. 

(Just for clarity, under Windows NT 
a thread is the basic object of execution 
allocated execution time. Every process 
has at least one thread of execution, and 
may have many threads. Threads in the 
same process execute the same code 
and access the same virtual memory and 
global variables.) 

What types of synchronization mech- 
anisms might one wish to perform? Well, 
the simplest one would be to have thread 
A signal thread B that some task is fin- 
ished or some event has occurred. Let’s 
call this the “single event” mechanism. 

A thread could wait for any of several 
events to occur, in which case it would 
be a “multiple event” mechanism. 

When many threads share one 
resource, and only one thread is allowed 
access at a time, P’ll call this synchroniza- 


LISTING 1 


HANDLE hEvent; 


void myRoutine(void) { 


tion mechanism “one-at-a-time” access. 

A related version of the one-at-a-time 
mechanism is the “several-at-a-time” 
access. In this mechanism a finite num- 
ber of threads are allowed to access the 
resource at the same time. This mech- 
anism allows up to some number of 
threads to have access, but no more than 
that number. When more than the limit 
request access, those beyond the limit 
are held off until the threads with access 
release their access. 

A synchronization object or mecha- 
nism under Windows NT conveys an 
event occurrence but does not convey 
other information. Other objects for 
inter-process communication (IPC) do 
transfer information, but that’s a sub- 
ject for a future column. 

Let’s compare how HP-UX and NT 
might effect each of the synchroniza- 
tion mechanisms listed above. 


Single Event 

If the indication is from a single pro- 
gram to another single program, HP- 
UX might use signals. The basic 


Creating and Signaling an Event 


// eveate an auto-reset event named Eventl 
hEvent=CreateEvent (NULL, FALSE, FALSE, “Event1”); 


// do something 


// signal the event 
SetEvent (hEvent) ; 


limitation of signals is that only one pro- 
gram can receive the event. Therefore 
shared memory or file locks are often used 
to communicate an event occurrence if 
more than one program is listening. 

Windows NT has both signals and 
shared memory constructs, but NT has an 
event object specifically for this type of 
synchronization. The event object can 
be opened by one or more threads that 
may then wait for it to be signaled. 
When it is signaled, all waiting threads 
are resumed. Threads use either the 
CreateEvent or OpenEvent call to get 
the event object handle, and the 
WaitForSingleObject call to wait for 
the event to become signaled. 

There are two types of events: manual- 
reset and auto-reset. A manual-reset event 
remains signaled (set) after it has been 
set until specifically reset by the 
ResetEvent call. The auto-reset event resets 
after the waiting threads are released. An 
event may be signaled either by the 
SetEvent or PulseEvent call. Listing 1 
shows a thread creating and signaling an 
event object. Listing 2 shows a thread wait- 
ing for the signaled event object. 


Multiple Event 

HP-UX might again use shared mem- 
ory to wait for multiple events. It’s also 
possible that a daemon would be added 
to monitor the multiple events and signal 
the waiting process when any have 
occurred. 

Windows NT again uses events, but 
in this case the waiting thread uses the 
WaitForMultipleObjects call. The call 
takes an array of handles and waits on 
them. A flag indicates whether to return 
when any of the objects are signaled or 
only when all have been signaled. 

An example of waiting on multiple 
objects is shown in Listing 3. 


LISTING 2 


void weWait (void) { 
DWORD dwEvent; 
HANDLE hEvent; 


// look up the Eventl’s object handle 


Waiting for an Event Object 


hEvent=OpenEvent (EVENT_ALL_ACCESS, FALSE, “Event1”); 


/{/ wait for it to be signaled 


dwEvent=WaitForSingleObject (hEvent, INFINITE); 


} 


LISTING 3 


#define nEvents 5 
void waitMany(void) { 
DWORD dwEvent; 
HANDLE hEvents[nEvents]; 
// look up the object handles 


for (1-0; 1 « nEvents: i++) 


Waiting for Multiple Objects 


hEvents[i]=OpenEvent (EVENT_ALL_ACCESS, FALSE, szNames[i]); 
} 

// walt for signal (sc) 
dwEvent=WaitForMultipleObjects(nEvents, hEvents, FALSE, INFINITE) ; 
} 


One-At-A-Time Access 

The UNIX semaphore is what HP-UX 
would use to restrict access to a resource 
to just one process at a time. The sema- 
phore limit count would be set to one 
(1). While there are a few other ways to 
achieve exclusive access to the resource 
under UNIX, semaphores are about the 
best mechanism. 

Windows NT, in addition to sema- 


phores, has a special mutually exclusive 
access object designed for this common 
need. This special object is named for 
its purpose with a truncated name; it is 
called the mutex. A mutex signals only 
one thread at a time, and only when no 
other thread currently owns it. 
Because NT has optimized the mutex 
for this particular type of synchroniza- 
tion mechanism, use of other objects 
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Using a Mutex 


void myRoutine(void) { 
HANDLE hMutex; 


hMutex=CreateMutex (NULL, FALSE, 


a0 (pMurex == NULL) i 


J/ check for error 


dwMutex=WaitForSingleObject (hMutex, INFINITE) ; 


if (dwMutex == WAIT _OBJECT_0) 


// yes, access resource 


ReleaseMutex (hMutex) ; 


// do we have access? 


Using a Semaphore 


void myRoutipe(void) { 

LONG cMax=7; 

HANDLE hSem; 

// create unnamed semaphore 
if(hSem == NULL) { 

// error 


// wait for access to a semaphore 


if(dwWait == WAIT OBJECT 0) { 


// have access, do something 


// release semaphore 1 count 
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hSem=CreateSemaphore (NULL, cMax, cMax, NULL); 


dwWait=WaitForSingleObject (hSem, INFINITE) ; 


ReleaseSemaphore(hSem, 1, NULL); 


such as files, pipes, and semaphores is 
discouraged. The mutex is the proper 
solution here. 

An example of using a mutex is in 
Listing 4. 


Several-At-A-Time Access 

Several-at-a-time access is accom- 
plished under HP-UX by the semaphore. 
The semaphore is a named counter for 
accesses to some resource. Initially a sem- 
aphoreis set to the value of the maximum 
number of accesses. As each module 
acquires the semaphore, the count is decre- 
mented. When the count reaches zero, 
modules are refused. As previously suc- 
cessful modules release the semaphore, 
the count is incremented. In this way 
only a specific number of modules are 
granted access to the resource. 

Windows NT has an identical con- 
struct named the semaphore, although its 
calls and code sequence look different. 
This is partly because the NT semaphore 
is treated as an object (like everything 
else in NT). Refer to Listing 5 for an 
example of using a semaphore. 


Code Section Lock 

Windows NT has a special case of the 
mutex type object called the Critical- 
Section, which can be used only by threads 
contained in the same process. It is a 
faster more efficient version of the mutex, 
but limited to use by threads within a 
process. Its primary purpose is to lock 
sections of code so only one thread at a 
time can be executing that section of 
code. A CriticalSection is created by invok- 
ing InitializeCriticalSection first, 
and then bracketing the code section 
with calls to EnterCriticalSection and 
LeaveCriticalSection. An example of 
critical sections is in Listing 6. 

The HP-UX equivalent of this is the 
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A CriticalSection 


void myRoutine(void) { 
CRITICAL SECTION critSect; 


try { 


} 
finally { 


memory-mapped semaphore or msema- 


phore. 


Summary 

You can further research the mech- 
anisms I’ve covered here by using the 
Win32 SDK references. But here are a 
few additional notes about NT and syn- 
chronization calls. 

NT’s WaitForSingleObject can have 
a timeout value that will cause it to 
return if no object has been signaled in 
that period of time. The timeout value 
can be disabled by supplying the con- 
stant INFINITE, causing the call to sus- 
pend forever or until the object is 
signaled. 

It is possible to wait for a process to 
finish executing by calling waitFor- 
SingleObject on a process handle. 
Similarly it is possible to wait for a thread 
to finish executing by waiting on the 
thread handle. 

_ NT provides a way to monitor for 
some change in a directory by creating 


LeaveCriticalSection(&critSect); 


InitializeCriticalSection(&critSect) ; 


EnterCriticalSection(&critSect) ; 


// execute code in locked section 


a change notification handle. A change 
notification handle can monitor for new 
file names, time-stamp changes, file 
attribute changes, file size changes, or 
file security changes. The thread calls 
FindLastChangeNotification to create 
the desired change notification handle. 
Then the returned handle is used in the 
WaitForSingleObject call in the same 
manner as other objects. i 


Bob Combs is the Director of Systems 
Architecture at PCSI in Englewood, New 
Jersey, a company specializing in client-serv- 
er technology. He is a Microsoft Certified 
Systems Engineer (MCSE) and holds a mas- 
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by Larry Headlund 


THE RELEASE OF HP-UX 10.20 
BROUGHT the Common Desktop 
Environment (CDE) to HP-UX. The 
CDE was a bold initiative of a consor- 
tium of companies, including Hewlett- 
Packard, Sun Microsystems, IBM, and 
AT&T, to share technology and present 
a united front towards Washington. No, 
not Washington, DC but the northern 
pole of the Wintel axis. The original 
CDE announcement and conference 
were in October of 1993; things have 
not worked out as planned for CDE in 
the fast-paced world of computers. 

The method of the consortium was 
for its members to contribute technol- 
ogy, with the sum of those pieces appear- 
ing on every member’s products. This 
would make it easier for third parties to 
write applications for any of the mem- 
bers’ machines and easier for end users 
to move from machine to machine, 
since their environment would remain 
the same. Among the contributed pieces 
were VUE from HP, ToolTalk from Sun, 
and the Windowing Korn Shell from 
AT&T. This last piece became the 
Desktop KornShell, flowing from the 
interim successor to AT&T, Novell. 


What is the Desktop KornShell? 
The Korn Shell (ksh) has been part 
of HP-UX since 7.0. What makes the 
Desktop KornShell (dtksh) different from 
the pre-10.20 ksh? Dtksh is based on ksh- 
93, which has some new constructs, most- 
ly for dealing with control and floating 
point numbers. For example, you can 
now set up a loop in a shell script that 
looks much like its C language cousin: 


for ((i=1; i < 256; ++i)) 


do 


done 


A more profound change is that the 
dtksh is extensible. That is, you can link 
your own code into dtksh and add spe- 
cialized functions. For example, you 
could add functions to access a database 
program, making the dtksh your 4GL. 
Another alternative is to use dtksh as 
the language “glue” that binds together 
components of a larger application. 

The most dramatic feature of the 
dtksh, and what brings it within the 
scope of this column, is that the dtksh 
has functions for integrating it into the 
X/Motif world. You can now write Motif 
programs completely within the shell, 
using GUI prompts and displays instead 
of just line oriented ones. Scripting lan- 
guages have a number of advantages for 
GUI development, including rapid 
development (no compile-link-execute 
cycle), compactness, and portability. 

The Desktop KornShell is not the 
first scripting language for X. Looking 
at the free alternatives only, we have 
Tcl/Tk, Perl, Python, Elk, and others. 
Each of these languages has its fans and 
detractors. Dtksh is interesting because 
it will be available on every HP-UX 
machine running 10.20 or above, with 
no porting required, and because you 
probably already know ksh and can pro- 
gram in it. Ifyou are already a proficient 
user of Tcl/Tk, Perl, or any of the other 
languages I mentioned, and don’t like 
ksh as a language, the dtksh will not be 
so interesting for you. But if you are 
already proficient in ksh or have shied 
away from it only because of lack of 
extensibility or lack of a GUI interface, 
dtksh changes the shape of the world. 


Desktop KornShell Is Not Perfect 
The dtksh shares with other scripting 

languages some disadvantages. The first 

one that springs to all minds, execution 


speed, is not a show stopper. On a modern computer dtksh is 
going to execute thousands of instructions per second. In the 
typical GUI application where most of the time is being spent 
waiting for user input, this is not an issue. If you are creating 
a product that will be used by many users on a single proces- 
sor or is very compute intensive, the dtksh may not be for you. 
You could code the compute intensive portions in a more effi- 
cient language and link those parts into dtksh, of course. Even 
in projects where you don’t envision the finished product in 
dtksh, it may be useful as a prototyping tool. 

Another disadvantage is that there are no software engi- 
neering tools that integrate with dtksh. I don’t know of any 
product that lets you draw Rumbaugh or Booch diagrams and 
spits out dtksh code. No browsers understand dtksh either. 

The Desktop KornShell is not object-oriented, does not do 
strong type checking, is not multi-threaded, and so on. This 
may hamper its use in large projects. However, I am reminded 
of a recent statement by Larry Wall, the author of Perl, to the 
effect that language designers are trying to emulate George 
Orwell’s Newspeak and create languages in which it is impos- 
sible to think evil thoughts. Is it necessary that every language 
be safe and appropriate for every project, at the possible cost 
of simplicity and flexibility? 

The author of the Desktop KornShell has written some 
large projects in it, including a dental practice management 
system for his wife in the tens of thousands of lines of code. 
However, he thinks, and I agree, that the most popular use 
of dtksh will be in exactly the sort of situations where a ksh 
script is used now, but with the addition of GUI elements. 


An Array of Buttons 

Time for the sample program. I have made two choices here. 
Dtksh has a direct mapping to most of the familiar X and Motif 
C functions and a set of its own convenience functions for quick 
coding. I have chosen to do this first example program with 
only the C analog functions because I though most of my read- 
ers would be familiar with them and it would make clear the 
techniques of dtksh programming. The second choice was not 
to do a classic ‘hello, world” program but instead something 
more complicated and certainly more useful. 

The program (Listing 1) is called chart. The purpose is to 
reproduce in X a program, one of the Norton Utilities I believe, 
for Microsoft Windows that extends the keyboard for the 
whole eight-bit character set. This allows you to conveniently 
paste foreign characters into a document, for example. 


Continued on Page 52 
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#! /usr/dt/bin/dtksh 
Widget Chart 


TOPLEVEL top 


TOPFORM topform 


~ MENUBAR menubar 


~ WORKING working 


-FILE File 


- FILEMENU filemenu 


- Extt®exit 


~RESULTS results 


- VALUE LABEL value_label 

~ VALUE value 

- OCTAL octal 

- DECIMAL decimal 

- DISPLAY LABEL display label 


# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
#t 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# 
# - BUTTONS buttons 
# 

# 

# 


- action buttons 


XtInitialize TOPLEVEL top chart Chart “se” 


amCreateMainWindow TOPFORM STOPLEVEL “topform’” 


# Menubar creation 
XxmCreateMenuBar MENUBAR \ 
STOPFORM \ 


“menubar” 


AmCreateCascadeButton FILE \ 
SMENUBAR \ 
“File” \ 
mnemonic: F 
xmCreatePul ldownMenu FILEMENU \ 


SMENUBAR  \ 
“filemenu” 
amCreatePushButton EXIT \ 
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x-watch 


Continued 


SFILEMENU “Exit” \ 


mnemonic:x 


XtAddCallback SEXIT activateCallback “exit” 
60 XtManageChildren $EXIT 

61 XtSetValues $FILE subMenuld:$FILEMENU 

62 XtManageChildren $FILE $FILEMEMU 

63 XtManageChild SMENUBAR 


64 

65 # working area 

66 XmCreateRowColumn WORKING \ 

67 STOPFORM \ 
68 “working” 

69 # resutls area 

70 XmCreateRowColumn RESULTS \ 

71 SWORKING \ 
dg ‘results’ \ 
73 orientation: XmHorizontal 
74 

75 xXmCreateLabel VALUE_LABEL \ 
76 SRESULTS \ 

at “value_label” \ 

78 labelString: Value 
79 

80 XmCreateText VALUE \ 

81 SRESULTS \ 

82 “value” \ 

83 columns:1 \ 

84 sensitive:False 

85 

86 tetreatelabel OCTAL \ 

87 SRESULTS \ 

88 “octal” \ 

89 labelString:’\'0000 
90 

91 XmCreateLabel DECIMAL \ 

92 SRESULTS \ 

93 “decimal” \ 

94 labelString:000 

95 

96 XmCreateLabel DISPLAY LABEL \ 
97 SRESULTS \ 

98 “display_label” \ 
99 labelString:* ~ 

100 

101 XtManageChildren $VALUE_LABEL \ 
102 SVALUE \ 

103 SOCTAL \ 

104 SDECIMAL \ 
105 SDISPLAY LABEL 
107 # Array of buttons 


XmCreateRowolumn 
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Continued 


109 SWORKING \ 

110 “buttons” \ 

111 packing: XmPACK_COLUMN \ 

12 orientation:XmVertical \ 

113 numColumns :20 

114 

115 for ((i=l; 1 < 256; +41)) 

116 do 

117 decimal=$i 

118 octal=‘printf “to” $decimal* 

119 char="echo ‘\0'Soctal” 

120 label=$char 

121 if (($decimal < 32)) then # control characters 
122 let x=Soctal+100 

123 label=**echo “\0"Sx° 

124 fi 

125 if (($decimal == 32)) then # space character 

126 label=sp 

27 fi 

128 XmCreatePushButton BUTTON SBUTTONS “$label” 

129 XtAddCallback SBUITON \ 

130 activateCallback \ 

131 *\ 

132 XtSetValues SVALUE value: echo Schar’’ ‘; \ 
133 XmTextSetSelection SVALUE 0 10; \ 

134 XtSetValues SDECIMAL label String:$decimal; \ 
235 XtSetValues SOCTAL labelString:’\'0Soctal; \ 
136 XtSetValues SDISPLAY LABEL labelString:Slabel *‘;\ 
137 

138 

139 XtManageChild SBUTTON 

140 done 

141 

142 


143 XtManageChildren SWwORKING 
144 XtManagechildren SRESULTS SBUTTONS 
145 XtManageChildren STOPFORM 


147 XtRealizeWidget STOPLEVEL 
148 XtMainLoop | 


Continued From Page 51 

The application consists of a set of push buttons, one for 
each of the 255 characters. Each button is labelled with the cor- 
responding character. When a button is pushed, the appro- 
priate character is put in the buffer of a text field and selected. 
This means it can be pasted into another application by the 
usual means (middle button on a three-button mouse). It is 
sometimes convenient to know the octal and decimal value 
of the character, so these are displayed in labels. I also have a 
label showing the last character displayed. 


Line I invokes the dtksh. I have done a chmod +x chart so if 
the chart program is in my PATH, I just need to type chart to 
activate it. Lines 2 through 37 give a chart of all the widgets. 
I find this sort of documentation useful for anyone wishing 
to understand and modify a program, even myself if I haven’t 
looked at it in a while. 

Line 39, XtInitialize TOPLEVEL top chart Chart "$@”, 
is the first command of the script. You notice how it mirrors the 
Xt C function of the same name. A big difference is how it 
treats return values. Shell functions only return integer values. 
In a similar line of C code you would write: 


TOPLEVEL = XtInitialize(...) 


In the dtksh mappings of functions that must return a com- 
plex data type, such as widget creation functions, the first argu- 
ment to the function is a variable in which that value will be 
stored. Hence TOPLEVEL from line 39 now contains the value 
of the widget, which can be accessed in the usual ksh manner 
as STOPLEVEL. This usage is consistent for all the X and Motif 
functions—the first argument holds the return value. 

The second thing you notice about line 39 is that argu- 
ments are separated by spaces, the shell convention, rather 
than commas as in C. The final argument, “$@”, uses some of 
the shell’s features. This construct passes any command line 
arguments to the script through to Xt. For example, if I type 
chart -iconic the program obediently appears as an icon. 

The next action line, line 41, 


XmCreateMainWindow TOPFORM STOPLEVEL “topform” 


uses the value of TOPLEVEL just created. Note that TOPFoRM is 
the widget returned and to use the value of TOPLEVEL the argu- 
ment is STOPLEVEL. 

This all looks pretty much like an equivalent C program! 
However, there are no include files and no declaration of vari- 
ables. I use the convention that variables are in all caps, but you 
are free to use your own conventions or none at all. 

Line 115 uses the for loop construct I talked about at the 
beginning of this column. Notice I am using a loop to create 
255 buttons. Imagine you were using one of those WYSIWYG 
screen designers. Imagine you were individually creating all 255 
of those buttons, and realize the advantages of a language 
over a screen drawing tool for this application. 

Line 118 


octal=‘printf *%0” $decimal* 


uses the formatted print function of dtksh. Formatted print- 
ing is a relatively new feature of the KornShell; it is available 
on your standard ksh in HP-UX, and it will probably save a 
lot of shelling out to run awk scripts. 

I wanted the button label to display “L instead of the form 
feed character, and similarly for all the control characters, so 
lines 121 through 125 do the appropriate manipulation. I also 
wanted a literal “sp” for the table for the space character, and 
lines 125 through 127 take care of that. 

Lines 129 to 137 illustrate the key feature of dtksh—you 
can use shell commands as callbacks: 


129 XtAddCallback  $BUTTON \ " 

130 activateCallback \ 

34. rh 

132 XtSetValues S$VALUE value:*echo Schar*’ ‘; \ 

133 XmTextSetSelection S$VALUE 0 1 0; \ 

134 XtSetValues SDECIMAL labelString:$decimal; \ 
135 XtSetValues SOCTAL labelString:’\’0Soctal; \ 
136 XtSetValues S$DISPLAY_LABEL labelString:$label'; \ 
137 x 


We have already set char, decimal, octal, and label to be 
the appropriate values. The only non-obvious thing I am doing 
is on line 132 and 136. The trailing space (‘‘) I have append- 
ed is to take care of those cases in which the char or label 
comes through as a null. 

The application as written has some faults. It uses a lot of 
screen space and it would be useful if the groups of characters 
could be displayed individually. The script has no online help, 
no real use of resources, no internationalization support and 
doesn’t demonstrate any of the convenience functions of 
dtksh. These will be topics for a future column. El 


Larry Headlund is the president of Mathematical Engineering, Inc., 
a UNIX and Motif development company. He has been working with 
commercial UNIX since 1983 and with X since 1987. He can be 
reached at lmh@world.std.com or at 1 617 242 7741. 
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I HOPE MANY OF YOU are taking advan- 
tage of the emacs editor for your soft- 
ware development needs. With its 
extensibility, there are very few things it 
cannot do or be made to do. I’ll discuss 
a number of new or upgraded modes 
(or modules) that have recently 
appeared on the Internet. In addition, 
some new Java software is also available 
that you may wish to look at. I conclude 
with some experimental software for the 
not so faint of heart. 


COMP.SYS.HP.HPUX 


Java WorkShop (Version 2.0) 

Unfortunately, I have not invested 
much time in Java recently. There are 
many, many new tools and utilities being 
developed using the Java language (see 
muffin, below). And now it seems Sun 
MicroSystems is pushing its new devel- 
opment environment onto other plat- 
forms. 

Sun has just released a “pre-release” 
version of its Java WorkShop by Sun 
Version 2.0 for HP. This is a complete 
toolset designed for fast and easy Java 
development. It incorporates the HP- 
UX Virtual Machine with JIT Version 
1.1.2 for faster runtime performance. 
The following list of features was bor- 
rowed from the Web site, 


http://www.hp.com/gsyinternet/hpjdk/wo 
rkshop. html, 


the source of the software: 


m Project Manager—to organize all the 
files needed to create a Java program 

m Visual Java—to assemble an applica- 
tion user interface rapidly using pre- 
built graphical components 

m Source Editor—to write and view Java 
source code easily 


by Joseph Berry 


Build Manager—to build or rebuild 
a Java project with minimal recompila- 
tions a la the UNIX “make” utility 


m Debugger—to graphically debug 
multi-threaded Java applications 

m Source Browser—to view code struc- 
ture and create a hypertext-linked- 
class hierarchy tree of Java classes 
used 

m Project Tester—to run Java applets 
and applications automatically with- 
out leaving the development envi- 
ronment 

w Portfolio Manager—to create, share, 
and publish your Java projects on the 
Intranet or Internet 

mw Online Documentation—to get assis- 
tance and tutorial help during devel- 
opment 


Please note that HP is not providing 
support for this pre-release version. I believe 
that by the time you see this article in print, 
a new version will have been released. 


jee (v 0.2) 

This package and the next one below 
(toba) are Java to C converters. In par- 
ticular, this package converts Java source 
code (.java files) into C programs that, 
when compiled, should run over 10 
times faster than Sun’s Java Virtual 
Machine. jcc supports threaded code 
and the Java networking API. Full source 
code is provided. Note, however, that 
this is an early version of the program 
that, according to the author (Nik 
Shaylor, nshaylor@tcp.co.uk) is intended 
for evaluation purposes only. Further 
development is needed for it to become 
amature system. It appears that jcc sup- 
ports only JDK v 1.0.2. 

You can get more information about 
jcc including the source code from 
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http://www .geocities.com/ CapeCanaveral 
/Hangar/4040/. 


toba (v 1.0.66) 

This package converts Java bytecodes 
(.class files) into C programs. Currently 
supporting only JDK v 1.0.2, tobais part 
of a larger project at the University of 
Arizona (my alma mater) called 
“Sumatra,” which explores the issues 
surrounding efficient execution of 
mobile code. Information about 
Sumatra can be gleaned from 


hitp://www.cs.arizona.edu/sumatra/. 


The actual toba code is available for 
download from Web address http://www. 
cs.arizona.edu/sumatra/toba/. According to 
the toba documentation, it runs only 
under Irix 6.2, Linux 2.0, Solaris 2.5, and 
Windows NT 4.0. Only the Solaris imple- 
mentation currently has thread and AWT 
support. An interesting project would be 
to convert this package to HP-UX (it may 

just be a compile). According to the 
authors, “Our freely available distribution 
includes source code for all of toba—we 
encourage outside porting efforts.” 


COMP.LANG.JAVA.ANNOUNCE 


muffin (v 0.4) 

muffin is a filtering proxy server for 
the World Wide Web. It filters anything 
sent between the Web browser and the 
server. This includes HTTP headers and 
content types such as text/html and 
image/gif. muffin comes with add-on fil- 
ters that are loaded at runtime. Several 
example filters are included, but users 
are encouraged to write their own using 
the provided ReplyFilter, RequestFilter, 
and ContentFilter API. 
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Make the UNIX to MPE Connection 


IX/92" 


Full featured HP terminal emulation 


New! Version 6 


Faster File Transfer 
NS/VT Network Option 
Enhanced Script Language 
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HP-UX Interactive UNIX SCOUNIX SunOS/Solaris 
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internet goodies 


This all-Java software was developed 
by Mark Boyns (boyns@sdsu.edu) at San 
Diego State University and is available 
for downloading from http://mu/ffin. 
doit.org/. Running the software requires 
the use of the Java Development Kit, 
Version 1.1 (known as JDK 1.1). If you 
don’t already have it, download the 
newest version (as of this writing, it is 
JDK 1.1.3). The documentation men- 
tions that the software has been tested 
only on Solaris, Linux, and Windows 95. 
I do not see any reason why it should not 
work on an HP-UX system. This is a cur- 
rent list of filters that come with muffin: 


mw AnimationKiller—kill GIF89a ani- 
mations by either limiting the num- 
ber of loops or turning them into 
broken images 

m CookieMonster—remove HTTP 
Cookie headers Cookie and Set-Cookie. 

m Logger—keep a log of accessed URLs 

m Referrer—change the HTTP refer- 
rer header to any URL or choose 
from a list 

m SecretAgent—change the HTTP 
User-Agent header to any Web brows- 
er or choose from a list 

m SecretServer—change the HTTP 
Server header 

= Snoop—view all HTTP headers 

m Stats—maintain various stats about 
your HTTP session. Useful for cal- 
culating the exact site ofa Web page 


GNU.EMACS.SOURCES 


cc-mode (version 5.17) 

All my C software development is 
done via emacs using cc-mode. Packaged 
with emacs (Version 19.34.1) is cc-mode 
Version 4.282. While useful, this version 
is quite old. A better solution is to down- 


im hp-ux/usr = nov./dec. 1997 


load the author’s cc-mode directly from 
his site and to install that over the old 
copy of cc-mode. 

A number of advanced features are 
available with cc-mode Version 5.17. 
Included is support not only for editing 
C code but also for editing C++, Java, 
and CORBA’s IDL code. Follow the 
steps in the README file closely as you 
will also need to download and install 
additional emacs software to get this cc- 
mode to work. You may be wondering 
about the advantages of this cc-mode. 

You can configure the software auto- 
matically to format your C code into any 
style you would like, including K&R C 
and ANSI. For example, the left brace 
can be under the ‘if statement or it can 
be on the right side of the ‘if’ statement. 
You can have reserved words colored in 
blue, comments colored in green, etc. 

cc-mode was developed by Barry A. 
Warsaw (cc-mode-help@python.org), a 
Python language software developer. 
The software is available via anonymous 
ftp from ftp.python.org as /pub/emacs/ce- 
mode.targz. Once there you'll see an addi- 
tional subdirectory that contains 
documentation in both PostScript and 
html format for use with your browser. 


todomode (v 1.12) 

Here we have yet one more emacs 
mode that you might want to play with. 
Developed by Oliver Seidel (Oliver. 
Seidel@cl.cam.ac.uk) , todomode is a major 
emacs mode for editing todo list files. 
It does this by treating most lines in a 
buffer as a list of items one has to do. 
Included are facilities for adding new 
items, categorizing item, and editing 
and deleting items from a buffer. 

The code has recently gone through 
a number of revisions so that by the time 
you look for it, todomode may well be past 


Version 1.12. Sources are available wher- 
ever the Usenet newsgroup gnu. 
emacs. sources is archived. If you have prob- 
lems finding it, send me an e-mail request 
and I'll return you a copy of the code. 


JDE (Version 1.6) 

Do you want to merge Java with 
emacs? JDE is an emacs package that 
interfaces emacs to JavaSoft’s Java 
Development Kit (JDK). The JDE pro- 
vides menubar access to the JDK com- 
piler, debugger, and API documentation. 
Features of the Emacs/JDK combination 
include: 


syntax coloring 

auto indentation 

compile error to source links 
source-level debugging 


source code browsing 


JDE requires the latest version of cc- 
mode (see above) and andersljava-font- 
lock.el mode (available from htitp:\\ 
www.csd.uu.se\~andersl\emacs. shtml) . JOE 
integrates these and other packages into 
one consistent interface for developing 
Java programs. 

I believe this package was written by 
Paul Kinnucan (paulk@mathworks.com). 
The software is available via Web access 
to http://www.oasis.leo.org/java/develop- 
ment/ides/00-index. html. Browse through 
the page as it includes other goodies to 
be had. 


ALT.SOURCES.D 


ILU 2.0 

Do you want to be at the cutting edge 
of a new technology? Or do you want to 
have some fun with a package you'll prob- 
ably never use in real life? Go visit the 
Palo Alto Research Center (PARC) Web 
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page and take a look at some of their pro- 
jects (hitp://www.parc.xerox.com/) . 

One particular project from PARC is 
the Inter-Language Unification System 
(ILU), which I became aware of through 
the alt.sources.d newsgroup. You can read 
about the ILU project via a Web browser 
pointed to ftp://ftp.parc.xerox.com/pub/ 
iu /ilu.himl (don’t let the ‘ftp’ in the address 
fool you; PARC’s Webmaster goofed; this 
indeed was the correct Web URL). 

To explain what ILU is, I will quote 
from the ILU documentation: “The 
Inter-Language Unification system (ILU) 
is a multi-language object interface sys- 
tem. The object interfaces provided by 
ILU hide implementation distinctions 
between different languages, between 
different address spaces, and between 
operating system types. ILU can be used 
to build multi-lingual object-oriented 
libraries (‘class libraries’) with well-spec- 
ified language-independent interfaces. It 
can also be used to implement distrib- 
uted systems. It can also be used to 
define and document interfaces between 
the modules of non-distributed pro- 
grams. ILU interfaces can be specified 
in either the OMG’s IDL language, or 
in ILU’s Interface Specification 
Language, which allows extensions to 
the CORBA spec. Programming lan- 
guages supported in 2.0alphal0 are 
ANSI C, Common Lisp, Java, and 
Python; rough C++ support is also pre- 
sent. Operating systems supported in 
2.0alphal0 are all Windows platforms 
with Win32 and WinSock, and all UNIX 
platforms with BSD sockets and minimal 
POSIX compliance. 2.0alpha10 supports 
interoperability with ONC RPC services, 
OMG CORBA services, World Wide Web 
HTTP services, and XNS Courier ser- 
vices. ‘Plug-in’ extensibility is provided 
for RPC message formats, message trans- 
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port schemes, URL schemes, account- 
ing and authorization identity types, 
threading and event loop processing, 
and various other things. ILU is provid- 
ed free for unrestricted use. 

“Known bugs are listed in the 
README file. Despite being an alpha 
release, 2.0alpha10 is very stable along 
a number of dimensions. Principal areas 
still under development, and hence 
unstable, are: the specific APIs for secu- 
rity, the C++ mapping, the Java map- 
ping, the mapping of ILU object 
references to various RPC protocols, the 
specific algorithm for automatic gener- 
ation of type UID fingerprints, and the 


specific contents of the ILU profile in 
the OMG CORBA IOR.” i 


Joseph Berry is a senior software developer at 

Landmark Systems Corporation in Vienna, 
Virginia. He is one of the authors of 
Landmark's PerformanceWorks products, 
PerformanceWorks/Smart Agents for UNIX. 
A former HP 3000 systems specialist for 
Hewlett-Packard, he has been in the computer 
industry for more than 25 years. He can be 
reached at joe@wayne.unix.landmark.com. 
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HP-RT by Geff Blaha 


Qi? 1 am using HP-RT revision 3.00. I am attempting to open a SWSM with the 
mmap(2) call. lunderstand this replaces the shmmap(2) function, which is a Draft 9 
interface. When I attempt to use the mmap(2) call, I see an error: 

mmap of Al failed: Device doesn’t exist 
Yet, the device /dev/A1 does indeed exist. What could be wrong? 


#&= The call mmap(2) does not communicate with device files. 

The Application Programming In The HP-RT Environment manual, part number 
B5487-90001, edition E0197, table 4-1 on page 4-37 displays comparable “Draft 9” 
and “POSIX.1b” interfaces. A reference is shown comparing shmmap(2) (Draft 9) with 
mmap(2) (POSIX.1b). This is generally true, except for notes 1, 2, and 3, listed on 
page 4-37, as well as the following: 

The POSIX.1b mmap(2) call does not support HP-RT device files. Thus, map- 
ping of System Wide Shared Memory (SWSM) cannot be accomplished with mmap(2); 
shmmap(2) can be used to map a SWSM. 

At some future date, support for POSIX 1003.4 Draft 9 will be removed from 
the HP-RT product. Most system calls included within Draft 9 also exist within the 
POSIX. 1b interface, providing similar or identical capabilities. System calls, such 
as shmmap(2), will be maintained within HP-RT to allow a consistent interface and 
access to a SWSM. 


QQ= When I execute a program on HP-RT with the function: 
e while (1); 


and no subsequent executable functions, I notice the system will lock up, waiting for 
the program to complete execution. This occurs when I execute the program at 
priority 81 or higher. Why is this occurring? What can I do to obtain system response 
while this program is executing? 


#&= After the system is booted, log in on the system console. ps -axon reveals 
results similar to: 


pid ppid pgrp pri text stk data time dev user S name 


0 0 0 0 0 0 4 35.57 root Rnullpr 

1 1 1 80 92 20 28 = 0.29 root W /init 
ii 1 11 80 92 20 #460. 1.40 root W /etc/unfsio 
75 1 75 81 44 = 20 12 0.00 console root W /bin/syncer 
78 | 78 80 108 = 20 36 =0.01 console root W /etc/inetd 
80 f 80 80 172 24 56 0.04 console root W /bin/sh 
81 1 81 80 88 20 28 0.00 ttyl root W /bin/login 


82 78 82 80 120 28 32 ~—s- 0.01 root W /bin/rlogind 
94 80 80 80 100 32 36 0.02 console root C/bin/ps 


7352K/0K free physical/virtual, 1608K used (in this display) 
Most processes above have a priority of 80. If your “while loop” program executes 
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at priority 80, other processes above can still gain CPU access, 
via the mechanism of “quantum.” Now, when the “while loop” 
program executes at a priority of, say, 81, it will prevent other 
processes at a lower priority from executing, until it is done. 
Since the “while loop” program will not finish without user 
interaction via an interrupt, the system is effectively “frozen.” 

To prevent this from occurring, you must increase the pri- 
orities of necessary processes to a priority high enough to pre- 
vent any freeze from occurring. Thus, for the above list of 
processes, increasing the priority of /bin/sh to be the same as 
or higher than the “while loop” program will allow continued 
console access, even when the “while loop” program executes. 
If network access is also desired, you must also increase the 
priorities of /bin/rlogind and /etc/inetd. If you are executing a 
ramdisk system, you will also need to increase the priority of 
/etc/unfsio for NFS access. 

Also note, another method is to ensure the “while loop” 
program does not exceed the priorities of necessary process- 
es, like those described above. This can be accomplished man- 
ually, or, within the program itself with setprio(3). 


QQ: Iam attempting to boot six 743rt processors from one 
743i processor within a VME crate, using the VME backplane. 
I can successfully boot two processors after a reset and reboot 
of the 743i, but the other four 743rt processors fail to com- 
plete the boot process, stopping at various stages of the boot 
process. What could be causing this? 


4%: Verify the PDC revision of your 743i and 743rt 
processors. This can be accomplished within the Boot 
Console Handler (BCH) from the Main Menu, by selecting 
Key 5, “Firmware Information.” Displayed near the top is 
the revision of PDC, similar to: 


PDC Version 304.2 Release 1 
The latest revision of PDC for the 743 processors is: 

PDC Version 307.0 Release 3 
This revision corrects various problems, including VME bus 
communications, which could be causing your boot problems. 


If any of your 743 processors have a PDC revision earlier than 
307.0.3, you should upgrade all of them to this latest revision. 


Firmware upgrade kit A2636-60018 contains the latest revi- 
sion of PDC for the 743 processor. 


QQ: Are Fast/Wide SCSI devices supported on HP-RT? 


4#A&: As of Revision HP-RT 3.01, Fast/Wide SCSI devices are 
supported. 


QQ? I have just installed Revision 3.01. I noted there were no 
manual updates. How do I install and configure a Fast/Wide 
SCSI interface and devices? 


4%: This information is included within the HP-RT 3.01 
Release Notes. Included are excerpts below: 


Constructing a Fast/Wide SCSI Disk-Based System 
Related Documentation 


® You need the following manuals: 

— Model A4268A Fast/Wide Differential SCSI Adapter 
Installation and Service Guide (E0495, HP part number 
A4268-90600) 

— HP-RT System Administration Tasks (E0197, HP part num- 
ber B5487-90002) 

— Current edition of Managing HP-UX Software with SD-UX 

m You may also need to consult the current edition of your 

VMEbus computer owner’s guide: 

— Model 743 Owners Guide 

— Model 744 Owners Guide 


Configuration Requirements 


m The A4268A Fast Wide Differential SCSI (FWSCSI) Adapter 
is supported on Model 743rt and 744rt VMEbus computers 
at this Release 3.01 of HP-RT. It is not supported on earlier 
releases of HP-RT. 

m The A4268A FWSCSI Adapter is not supported on the 
Model 742rt. 

m The boot ROM on your VMEbus computer must be Version 
304.2 (Revision E) or later. Processor Dependent Code 
(PDC) displays the boot ROM version number when you 
reset your VMEbus computer. The Model A4268A Fast/Wide 


hp-ux/usr = nov./dec. 1997 FR 


hp-rt 


Differential SCSI Adapter Installation and Service Guide explains 
how to change the boot ROM. 


Note: 


Do not replace the boot ROM on a Model 744. All Model 


744 boot ROM revisions support the Fast/Wide SCSI adapter. 


By default, HP-RT sets the address of the FWSCSI adapter 
to 7, and it ignores the switch settings on the adapter card. 
This default is set in the $HPRTroot/etc/conf/info/fwscsiin- 
fo.c file on your HP-UX host system. The section below 
explains how to override the default setting. 

You cannot have a SCSI device at the same address as the 
FWSCSI adapter. 

FWSCSI device addresses can be set in descending priori- 
ty from 7 (highest priority) through 0, and then in descend- 
ing priority from 15 through 8 (lowest priority). Note that 
in this address scheme, device address 0 has a higher pri- 
ority than device address 15. From 15, the priorities of 
device addresses descend to device address 8 (that is, 14, 13, 
12, 11, and so forth down to 8). 

Your root disk should have a higher device address than 
any other device on the SCSI bus. Thus, if your FWSCSI 
adapter is set to the default (7), you may want to set the 
device address of your FWSCSI root disk to 6 (the default). 
HP-RT provides character, block, and pass-through driver 
device files for various SCSI device addresses. (To display the 
list, issue the iJ command on /dev.) If you select a device 
address that is not listed in the /dev directory, you must cre- 
ate the appropriate device files using the mknod(1) com- 
mand. See the $HPRTroot/etc/conf/cfg/fwscsi. cfg file. 

If you have installed an expansion kit adapter, the FWSC- 
SI adapter can be installed in the left slot (facing the 
VMEbus computer front panel) or the center slot of the 
expansion adapter, depending on the position of any other 
Graphics System Connect (GSC) mezzanine cards installed 
on your VMEbus computer. 

On a Model 744rt with an HCRX/VME graphics board, 
the FWSCSI adapter can only be installed in the left GSC 
slot (facing the front panel). FWSCSI adapter numbers are 
1, 2, or 3, depending on the adapter’s GSC slot position. 


Installation and Configuration Procedure 


1. 


If you have already set up your HP-RT system, continue 
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to the next step. If you have a new HP-RT system, set up 
your HP-RT development environment as explained in 
Chapter 2 of the Edition E0197 HP-RT System 
Administration Tasks manual. 


. Install or update your HP-RT software as explained in 


Chapter 2 of the Edition E0197 HP-RT System 
Administration Tasks manual. The installation procedure 
begins on page 2-9. The update procedure begins on 
page 2-12. 


. Install the A4268A Fast Wide Differential SCSI Adapter 


on your VMEbus computer as explained in the Model 
A4268A Fast/Wide Differential SCSI Adapter Installation and 
Service Guide. 

(Model 744 only) If you have a Model 744, do not 
replace the boot ROM. All Model 744 boot ROM 
revisions support the Fast/Wide SCSI adapter. 

(Model 743 only) If you do not have the correct boot 
ROM revision on your Model 743 VMEbus computer, 
change the boot ROM as explained in the manual listed 
above. (See the “Configuration Requirements” section 
above for more information. ) 


. Use your VMEbus computer’s Boot Console Handler 


(BCH) interface to identify your FWSCSI adapter 
number. 
Model 743rt without on-board graphics or HP A4267A 
graphics card: 
On-board SCSI adapter number is always 0 
FWSCSI_1 is adapter number | 
FWSCSI_2 is adapter number 2 
Model 743rt with on-board graphics or HP A4267A 
graphics card: 
On-board SCSI adapter is always adapter number 0 
On-board graphics or HP A4267A graphics card is 
adapter number | 
FWSCSI_1I is adapter number 2 
FWSCSI_2 is adapter number 3 
Model 744rt: Enter the command, Jnformation IO, from 
the BCH Main Menu prompt to access information 
about the I/O devices installed in the option slots. 
On-board SCSI adapter is always adapter number 0 
GSC] is adapter number | 
GSC2 is adapter number 2 
Refer to your VMEbus computer owner’s guide for 
more information on the BCH interface. 


5. (Optional) By default, HP-RT ignores the SCSI address 
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switches on the FWSCSI adapter card. If you want HP-RT 
to read the device address from the card, set the switches 
on the card as explained in the Model A4268A Fast/Wide 
Differential SCSI Adapter Installation and Service Guide. 
Then change the appropriate define statement in the 
BHPRTroot/etc/conf/info/fwscsiinfo.c file on your HP-UX 
host system from Oxf to -/. For example: 


#define fw_INIT_ID_SLOT1 -1 
#define fw_INIT_ID_SLOT2 -1 
#define fw_INIT_ID_SLOT3 -1 


. If you are constructing a disk-based system for the first 
time, complete all of Chapter 4, “Constructing a Disk- 
Based System,” in your Edition E0197 HP-RT System 

Administration Tasks manual, substituting the information 

below in steps 6a through 7b as appropriate. 

If you have already installed HP-RT on your HP-UX 
host system and are just installing HP-RT to a FWSCSI 
disk for the first time, start with “Making the HP-RT 
Install and Disk Kernel Files” on page 4-4 of your Edition 
E0197 HP-RT System Administration Tasks manual, 
substituting the information below in steps 6a through 
7b as appropriate. 

For this‘HP-RT 3.01 release, the ADMrt program has 
been modified to support FWSCSI. Your Edition E0197 
HP-RT System Administration Tasks manual does not 
document (or show example screens for) the following 
steps: 

a) On the “Make HP-RT install and disk kernels” screen 
(see page 4-5), click on the FWSCSI button to include 
the FWSCSI driver in the kernel. Then select your disk- 
based kernel parameters. 

b) From this same screen, select the Modify Disk Install 
Parameters field (lower left corner of the screen). 

c) When the “Modify Disk Install Parameters” screen 
appears, change Disk Type to FWSCSI. If you are not 
using the default device address (Dev Addr) of 6, enter 
the device address of your disk. 

Also, select the FWSCSI adapter number. This is the 

number that was listed by your system’s BCH interface 

(see step 4 above). 

. Continue with step 7 on page 4-7 of your Edition E0197 

HP-RT System Administration Tasks manual. 

a) When you come to the section “Setting the Primary and 
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Alternate Boot Device Paths” on pages 4-10 through 4- 
13, note the following command changes: 

(Model 744rt) Use the following command to set the 
primary boot path to your FWSCSI disk (see page 4-10): 
Main Menu: Enter Command > path fwscsi.fwsci_ 
address.logical_unit_number 

For example: 

Main Menu: Enter Command > path fwscsi.6.0 
(Model 743rt) Use the BCH menus to set the primary 
path to your FWSCSI disk (see page 4-11). 

b) When you come to step 5 on page 4-17, use the follow- 
ing command form if you are booting your FWSCSI disk 
drive from ISL: 

ISL>rtboot-r scsi.device_address.adapter_number 
/hp-rt where the device address is in decimal. The 
adapter number is 1, 2, or 3, depending on the 
adapter’s GSC slot position. 

For example: 


ISL> rtboot -r scsi.6.1 /hp-rt 


where 6 is the default device address of the FWSCSI disk 

and 1 is the FWSCSI adapter number. 
8. You can now complete the rest of Chapter 4 in your 
Edition E0197 HP-RT System Administration Tasks 
manual. L 


\ 


HP-RT Operating System questions are answered by Geff Blaha, a 
support engineer in the HP-RT Expert Center. He has worked with and 
supported real-time systems for over 19 years as a Customer Engineer, 
Real-Time Response Center Engineer, and HP-RT Expert Center 
Engineer. He can be reached at geff@cup.hp.com. 
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i} GSL Perspective 


FOR SEVERAL YEARS, Interex has been 
studying and planning changes that will 
position the organization for growth. 
Many of the trends that affect us as users 
are putting pressure on users groups to 
develop new strategies. With the rapid 
rise of distributed computing, the suc- 
cess of NT in the marketplace, and con- 
tinued pressure on cost control, IT 
organizations are looking for more value 
from their membership in groups such 
as Interex. I’ve found that if a users 
group or association can’t transform 
itself along with the market, it will no 
longer be supported. Such a fate has 
befallen groups like DECUS, Uniforum, 
and SUN Users group. Interex is by no 
means immune to the changes in the 
market, yet the Board and staff have 
been very proactive in ensuring that the 
organization continues to keep pace 
with member needs as they change. 

In a nutshell, Interex will be offering 
more opportunities for member-to- 
member communications through 
forums. These forums will be established 
around like interests and function as 
strategic advocates for products and ser- 
vices that Interex may offer and as 
venues where issues can be discussed 
with vendors. They also will provide 
opportunities for assisting existing relat- 
ed SIGS to address their issues in a more 
visible way. Some possible forums are 
MPE, HP-UX, system admin/manage- 
ment (cross platform, functional), 
Internet/intranet, etc. I see this as a very 
positive step in raising the visibility of 
member issues and experiences for the 
benefit of all of us. 

The second change is the establish- 
ment of “task forces” as a way of deal- 
ing with short-term, highly focused 
activities with a finite life. The FAST CD 
project is a good example of this con- 


cept; the team is established for the life 
of the project, utilizes the required com- 
petent volunteers, and then dissolves 
once the task is finished. Interex envi- 
sions quite a few of these task forces, 
therefore the need for more members 
to be involved. Within the Software 
Services committee (the successor to 
the CSL Coordinating committee), 
we ve determined the need for four to 
eight task forces to be formed and begin 
work on a number of different issues. It 
would be unrealistic for the existing 
committee volunteers to undertake 
these tasks since it’s clearly more than 
we can handle. That’s where you come 
in. Some of the tasks that we need to 
accomplish include: 


1. HP World Support 
2. HP World Swap Tape 3. HP-UX Fast 
Start 

4, Year 200 Safe verification (each 
platform) 

. Possible MPE Fast Start 

. Software support Q & A mailing 
lists/news groups 


mH Ol 


If you think you have an interest in 
getting involved in these efforts, please 
contact me or the Volunteer Develop- 
ment Committee at vdc@interex.org 
or Gayle Crossley at 1-800-INTEREX, 
extension 603. tL 


Paul Gerwitz is chairman of the Contributed 
Software Library committee and a Technical 
Consultant at Hewlett-Packard. For 16 years, 
he was a technology specialist and analyst 
at Eastman Kodak in Rochester NY. He can 
be reached at 610-408-6526 or via e-mail at 
gerwitz@interex. org. 
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Continued from Page 13 
New from New Dimensio 
Software 


Enterprise Production Management 

New Dimension Software has 
released its CONTROL-M Option for 
R/3 module, which allows CONTROL- 
M enterprise production control and 
scheduling software to support jobs in 
SAP R/3 systems running on Windows 
NT. Operations personnel can manage 
and automate the setup, scheduling, 
and execution of processes running 
across a multiple-platform computing 
environment. 

CONTROL-M Option for R/3 also 
allows operations personnel to define and 
run SAP jobs directly from CONTROL-M 
and to analyze the SAP job log as part of 
CONTROL-M’s SYSOUT facility. 

The product is also available for HP- 
UX and other operating systems. 

Pricing starts at $34,560. 


Enterprise Output Management 
New Dimension Software has an- 
nounced CONTROL-D/Decollation 
Server, completing the company’s line of 
Enterprise Output Management products. 
CONTROL-D/Decollation Server 
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adds UNIX and Windows NT servers to 
process reports generated anywhere in 
the enterprise. The decollation process 
separates production reports into 
appropriate subsets based on the recip- 
ient and business requirements. It also 


indexes the reports and assigns owner- 
ship, destination, and life-cycle attrib- 
utes to report sections. 

CONTROL-D/Decollation Server 
pricing starts at $15,995. 

Contact New Dimension Software, 
phone: (800) 347-4694 or (714) 7574300, 
fax: (714) 756-3900, http://www.ndsoft.com. 


Storage Management Software 
Programmed Logic Corporation (PLC) 
has announced an agreement with 
Invincible Technologies Corporation to 
license SnapShot, PLC’s online backup 
technology. SnapShot will be included in 
Invinaible’s new LIFELINE 2000 high-avail- 
ability and fault-tolerant NFS, CIFS, and 
application-specific server solutions for 
mission-critical client-server environments. 
The integration of SnapShot will 
enable LIFELINE 2000 users to back up 
and restore server data with full integrity 
while files are open and in use by other 
applications on the enterprise. Online 
backup functions enable administrators 


to implement system backups without 
shutting down the server and causing 
user downtime, and ensures the data 
integrity of files which must remain 
open during the backup process. 

Contact Programmed Logic Corpo- 
ration, phone: (908) 302-0090, 
http://www.plc.com. 

‘ 


Rapid Prototyping System 
Stratasys, Inc. has announced its 
“ABSolute ABS” rapid prototyping pack- 
age for $99,000. The complete package, 
available in North America, consists of the 
FDM1650 modeler, QuickSlice software, 
training, installation, standard 90-day war- 
ranty, and startup ABS material supply. 
The “ABSolute ABS” package pro- 
vides all the necessary elements to pro- 
duce 3D models, prototypes, and tooling 
patterns and masters in ABS (acryloni- 
trile butadiene styrene). Outputting 
models early in the design process for 
review and verification can result in 
savings up to 85 percent in time and 
money. The strength of the completed 
ABS models allows for form, fit, and 
functional testing of parts without the 
cost of expensive prototype tooling. 
Operating in an office environment, 
FDM1650 builds exceptionally strong 
ABS parts up to 10x10x10 inches. The 
software is designed with a Windows-like 
user interface for simple and quick file 
processing. The system runs on Silicon 
Graphics, Hewlett-Packard, Windows 
NT, and Sun platforms. 
Contact Stratasys, phone: (612) 937-3000, 
fax: (612) 937-0070, e-mail: fdm@strata- 
sys.com, http://www.stratasys.com. 


GUI Development 

MetaCard Corporation has an- 
nounced the MetaCard 2.1 multimedia 
authoring tool, which supports cross- 
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FastStart Toolbox 
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ST-1622 and EL-162 EtherLite Port Servers 


Switchable RS-422/RS-232 Port Products 


Central Data Corporation has announced that its serial expan- 
sion line has broadened to include two new products with indi- 
vidually switchable ports: the ST-1622 scsiTerminal Server and 
EL-162 EtherLite Port Server. Both servers allow users to indi- 
vidually select between RS-232 and RS-422 ports from the same 
server. They are compatible with UNIX, HP-UX, Windows NT, 


and Java. 


Both models provide 16 real ports that appear as local ttys under 
UNIX and as native COM ports under Windows NT. 


The ST-1622 scsiTerminal Server connects externally to a stan- 
dard SCSI-2 bus, without consuming a single internal card slot. 
The EL-162 EtherLite Port Server can auto-detect and operate in either 10Base-T or 100Base-T Ethernet links. 


Each server is priced at $1,795. 


Contact Central Data, phone: (800) 482-0315 or (217) 359-8010, fax: (217) 359-6904. 


platform development. It runs as a 
native 32-bit application on Windows 
95/NT and UNIX. Applications devel- 
oped on any platform can be run on 
any other platform without recompil- 
ing or other preprocessing. Native look 
and feel are available on all platforms. 

MetaCard 2.1’s new features make 
building complete graphical applications, 
multimedia presentations, CBT systems, 
and online documentation easier. A new 
palette-based development environment 
makes extensive use of MetaCard’s new 
controls and language features. 

With MetaCard 2.1 even non- 
programmers can develop full featured 
client-server applications quickly and 
easily. 

Contact MetaCard Corporation, phone: 
(303) 447-3936, exnail: info@metacard.com, 
http://www.metacard.com. 


Virtual Machine Tool 

SPRING has announced NCSIMUL, 
a machine-tool simulation package that 
verifies and optimizes NC programs for 
2.5 to 5 axis milling and turning 
machines. Users can now test programs 
offline on the computer, instead of on 
shop floor production machines. 

The layout, terminology, and symbols 
of the user interface replicate the machine 
tool environment with which operators 
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are familiar. The program is driven 
through a series of simple, intuitive pop- 
up and pull-down menus that guide users 
through selection of the machine tool, 
tool library, CAD models, rough stock, 
clamps, etc. NCSIMUL runs on HP-UX 
and other UNIX workstations and on 
Windows NT/95 computers. 

NCSIMUL consists of four modules. 
The View module reads and displays the 
NC program in various formats and sup- 
ports over 20 controllers. The Interface 
module imports CAD files by direct trans- 
lation. The Verify module defines rough 
stock, simulates material removal, and 
verifies machining according to dimen- 
sional and angular measurements of the 
part. Finally, the Move module provides 
a total simulation of the machine tool, 
including geometric and kinematic def 
inition, as well as management of linear, 
angular motion, and range. 

Contact SPRING via the French 
Technology Press Office, phone: (312) 
222-1235, fax: (312) 222-1237, e-mail: 
ftpousa@aol.com. 


Photogrammetry Software 

3D Construction Company has 
announced its new 3D Builder Pro 
Version 3.0, which builds detailed and 
accurate 3D models from photographs— 
complete with full surround, seamless, 


photo realistic textures. 3D Builder Pro 
Version 3.0, the new close range pho- 
togrammetry software, allows for the pro- 
cessing of photos to obtain accurate field 
measurements and to create 3D “as built” 
CAD models. The product features New 
CAD style modeling tools for curves and 
shapes, offers fast and easy modeling of 
curved shapes without the need for target 
points, and new automatic camera ori- 
entation for faster setups of 3D projects. 

3D Builder Pro Version 3.0 makes it 
easier to streamline 3D model creations. 
Also included is the new VRML 2.0 
export with data files small enough to 
use on the Internet. 

3D Builder Pro Version 3.0 is priced 
at $695. 

Contact 3D Construction, phone: 
(423) 543-8917, fax: (423) 543-4011, e- 
mail: threedc@usit.net. 


UNIX/Windows NT Integration 

ICL has announced Centrivex Swift, 
the first of a new Centrivex line of soft- 
ware tools to be sold over the Internet. 
It offers UNIX workstation capability on 
Windows NT platforms to enable sys- 
tems administrators to easily integrate 
UNIX and NT systems and share data 
between the two platforms. 

Centrivex Swift enables organizations 
to exploit their existing investment in 
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UNIX as they incorporate an increas- 
ing number of Windows NT platforms 
into their IT environments. Swift pro- 
vides more than 45 of the most com- 
monly used UNIX utilities. Designed for 
ease-of-use, Swift enables users to access 
more utilities from a graphical interface 
featuring menus and toolbars within the 
Swift shell. 

Centrivex Swift is priced at $159. 

Contact ICL, phone: (714) 855-5505, 
fax: (714) 458-6257, http://iclsoft- 
tech.com. 


Web-Enabled Database Access 
UniPrise Systems, Inc. has announced 
Tango/DAL, a new integrated software 
solution that combines Uniprise’s 
Database Access Language technology 
with EveryWare’s Tango, a Web-based 
rapid application development tool. The 
combination provides for enhanced 
browser access to databases in rapidly 


expanding intranet/extranet environ- 
ments. The new software provides Web- 
enabled access to virtually any corporate 
database from any browser using Tango 
Enterprise applications. 

The new Tango/DAL bundle is 
priced starting at $1,295. 

Contact UniPrise Systems, phone: 
(714) 864-2000, fax: (714) 864-2001, 


http://www.uniprise.com. 
New from Hummingbird 


NES Maestro Version 6.0 

Hummingbird Communications Ltd. 
has announced NFS Maestro Version 
6.0 for Windows 3.x and Windows 
NT/95. NFS Maestro provides complete 
NFS Version 3 support, an integrated 
NIS Services application with NIS pass- 
word management support, and Jconfig, 
a Java-based remote application man- 
agement system that reduces the overall 


cost of ownership of Hummingbird soft- 
ware by enabling automated configu- 
ration and management of NFS clients 
and TCP/IP applications. 

NFS Maestro’s performance en- 
hancements include NFS over TCP, sup- 
port for NFS Version 3’s extended access 
control list support, and enhanced NIS 
functionality. 

NFS Maestro is priced at $395. 


Terminal Emulation 

Hummingbird Communications has 
announced HostExplorer Version 6.0, 
the company’s high-performance main- 
frame terminal emulation suite. Host- 
Explorer is a TN3270E, TN5250, and 
Telnet terminal emulation application 
suite for all Windows platforms that 
delivers high-performance connectivity 
between PCs, mainframes, and other 
hosts over standards-based TCP/IP net- 
works, and includes a fully integrated 
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set of robust TCP/IP applications. 


HostExplorer enables users to run 
multiple host sessions alongside desk- 
top productivity applications without 
expensive hardware upgrades. It in- 
cludes Sconfig and Jconfig, which 
enable administrators to easily install, 
manage, and configure thousands of 
HostExplorer desktops across the enter- 
prise. Users can manage mainframe ses- 
sions through the Windows interface 
and can customize virtually every aspect 
of their mainframe sessions through 
Windows Explorer. 

HostExplorer is priced at $245. 

Contact Hummingbird Communica- 
tions, phone: (415) 917-7300, fax: (415) 
917-7310, http://www.hummingbird.com. 


New from IEM 


DDS-3 DAT Solutions 

IEM, Inc. has announced a range of 
backup solutions based on HP’s DDS-3 
DAT drive. The DDS-3 drive features a 
sustained transfer rate of 1 MB/second 
native and 2 MB/second with 2:1 data 
compression. DDS-3 drives can store 24 
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GB (with 2:1 compression) on a single 
4-mm data cartridge (native capacity is 
12 GB). 

IEM offers a selection DDS-3 solu- 
tions, including stand-alone drives and 
libraries. 


SAP R/3 and Informix Backup 

IEM has announced Alexandria 
Backup Librarian, which provides com- 
plete, automated client-server backup 
of both UNIX file systems and Oracle, 
Informix, Sybase, SAP, and CATIA data- 
bases. Alexandria’s true client-server 
architecture allows clients to back up to 
multiple servers across heterogeneous 
networks, file catalogue information to 
be centralized or distributed, and oper- 
ations to be launched from remote 
machines. It provides enterprise-wide 
management of media, devices, and 
data. Alexandria access is through a win- 
dowed GUI, but a command-line inter- 
face is available for system administrators 
and experienced UNIX users. 

Contact IEM, phone: (970) 221-3005 
(USA) or +(44) 01455 239000 (U.K.), 
e-mail: info@iem.com. 


Software Management 
Aqueduct 
announced the Aqueduct Profiler, 


Software has 


which collects information on how 
software applications are being 
used and automatically sends it 
back to the software organization 
over the Internet. 

The Aqueduct Profiler is a soft- 
ware management product that 
attaches to the application program 
and sends usage data back to the 
vendor via Internet e-mail proto- 
cols as the application is being run. 
Thus the software team can run a 
much more accurate and defini- 
tive beta test, determining prior to 
shipment which features are most criti- 
cal to customers or how product 
“crashes” may be related to specific fea- 
ture usage patterns. 

Implementation of the Aqueduct 
Profiler has no effect on the applica- 
tion’s performance or behavior. The 
product supports client, server, and 
stand-alone applications written for HP- 
UX and Windows NT/95. 

Pricing starts at $15,000 per year. 

Contact Aqueduct Software, phone: 
(650) 463-8700, fax: (650) 463-8706, e-mail: 
info@aqueduct.com, http://www.aque- 
duct.com. 


New from Esker 


TN3270 Data Access 

Esker has announced Tun PLUS 8.6, 
which runs on UNIX, Windows NT, and 
IBM platforms. 

Tun PLUS 8.6 includes three fully 
configurable modules—Tun EMUL, Tun 
SQL, and Tun NET. Tun EMUL (the 
emulation module) extends TN3270E 
support for the enterprise and provides 
access to SNA gateways for access to 


pooled and fixed LU connections. Tun 
SQL (the data access module) gives 
added support for DB2 on IBM MVS 
and full DB2, Oracle, and Informix sup- 
port on NT. Tun NET’s SMB file shar- 
ing protocol has been adopted by 
Microsoft Windows clients. 


Web-to-Host Integration 

Esker has announced Esker PLUS, 
which provides all-in-one Web-to-host 
access and integration. 

Esker PLUS gives end users imme- 
diate parallel access to the legacy appli- 
cations and data on most corporate 
systems straight from their client and 
without having to wait for MIS to install 
and configure their desktop. Authorized 
end users simply deploy Esker PLUS 
from their Web browsers when they 
need it. 

EskerPLUS provides system admin- 
istrators with tools needed to install, con- 
figure, and offer end-user deployment of 
all applications and services. Individually 
customizable end-user configurations 
can be created and installed once and 
then made available to specific clients. 
Developers do not have to modify exist- 
ing mission-critical systems to create new 
applications and reports that leverage 
investments in the network. 

EskerPLUS supports UNIX, Windows 
NT, and other platforms. 

Contact Esker, phone: (415) 675. 
7777, fax: (415) 675-7775, e-mail: 
info@esker.com, http://www.esker.com. 


Attention vendors: New product announce- 
ments should be sent to New Products Editor, 
hp-ux/usr magazine, Interex, PO. Box 3439, 
Sunnyvale, California 94088-3439, USA, 
or e-mail: wright@interex. org. 

Deadline for submission is two months 
prior to publication. 


Hewlett- 
Packard 
9000 
It’s Our Specialty 
200/300 Series 400Series 700Series 9800 Series 
216/236/217 425e 705/710 E/F/G 
310/320/330 425t 715/720 H/I/K 
350/360/370 425s 730/750 


318/319/340 433s 735/7 55 
345/375/380 C/J Series 


We also carry memory and interface for all of our workstations 


Plotters © 
DesignJets 
DraftPro 

DraftMaster — 
Desktops 
Electrostatic 


Mass Storage 
9121/9122 
9153A/B/C 
C2254HA 
C2440HA/JA 
C3232A 


C2213A/D 
DAT Drives 
CD ROMs 
Optical Drives 


Printers 
2225A/B/C/D 
3630A PaintJet 
C1602A PaintJet XL 
LaserJet II/ID/IP 
LaserJet III/IIID 
LaserJet IIIPIIIsi 
LaserJet 4L/4P/4,/4+/4S1/4V/4MV 


Specials 
DesignJet 650C Plotter 
We offer large discounts, WAM backano 
outstanding service 
and immediate delivery. 
TED DASHER & ASSOCIATES 
PH: 800-638-4833 
FAX: 205-591-1108 
E-mail: sales @dasher.com 
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Do You Know Where Your Security Holes Are? 


Find Them with SecurityAudit/UX! 


Have You Heard that UNIX is Notorious for Its Lack of Security Features? 
Do You Know Where to Check to See if Your HP-UX System is Secure? 


Do You Have the Time to Do This Checking Regularly? 
Use SecurityAudit/UX To Do It All! 


EVEN IF YOUR SYSTEM IS SET UP CORRECTLY (AND HOW WOULD YOU KNOW IF IT WAS?) AND HAS NO SECURITY LOOPHOLES, IT CAN 
BE VERY DIFFICULT TO MONITOR SYSTEM CHANGES, AND TO ENSURE THAT SECURITY ISN’T COMPROMISED. THE MAGNITUDE OF THE 
PROBLEM INCREASES AS THE TOTAL NUMBER OF USERS CONFIGURED AND THE TOTAL NUMBER OF FILES GROWS. IT’S EASY FOR 
ORDINARY USERS TO CHANGE THE SECURITY OF THEIR OWN FILES TO ALLOW OTHERS TO ACCESS THE CONTENTS. A LOOPHOLE LEFT 
BEHIND INADVERTENTLY OR ON PURPOSE MAY BE EXPLOITED BY A DISGRUNTLED EMPLOYEE OR A HACKER TO BREAK SYSTEM 
SECURITY, SOMETIMES MUCH LATER. 


SecurityAudit/UX PRODUCES OVER 40 REPORTS, CONTAINING DETAILED INFORMATION ON THE FOLLOWING CLASSES OF 
PROBLEMS: 


User and Group-related problems, including weak passwords and non-unique identification numbers. 
File-system related problems, including historical tracking of files and detection of potential Trojan horses. 
PDF-related security problems, extended to detect changes in ACL specifications. 

Logging subsystems status display, and logfile analysis. 

Network-related status display and configuration weaknesses. 


SecurityAudit/UX RUNS ON ALL HP-UX BASED 9000 SERIES 700 AND 800 SYSTEMS, AND HAS BEEN SPECIFICALLY TAILORED TO 
ADDRESS PECULIARITIES OF HP-UX, SUCH AS PDF, ACL AND HP’s SHADOW PASSWORDS. 


Call EUGENE VOLOKH for more info! 


1135 S. Beverly Drive 
Los Angeles, CA 90035 U.S.A. 


Purveyors of Fine HP Software 
FAX (310) 785-9566 


Since 1980 
(310) 282-0420 


CIRCLE 40 ON READER SERVICE CARD 


hp-ux/usr = nov./dec.1997 The 


iN, 
SON JANUARY 1, 1998 
“HHP COMPUTER USERS 
»CAN CELEBRATE MORE 
THAN THE NEW YEAR. 


If you are a Hewlett-Packard computer user, January 1, 1998 will give you a lot more than the New 
Year to celebrate. Starting that day, Interex will introduce its new membership program designed to 
give you even greater access to the products and services that you need to be successful. 


Interex’s new membership structure enables you to: 


SAVE MORE MONEY THROUGH BENEFITS SUCH AS: 
@ 20% discounts on selected Microsoft Press titles plus all Prentice-Hall 
and O’Reilly publications 
H@ Up to 15% discounts on Abtech, ClassPass, and Datatech Institute training 
i Up to $250 discount on Interex conferences 
® Hertz and Avis discounts/upgrades 


SAVE MORE TIME WHEN YOU USE ONE OR MORE OF THE FOLLOWING: 


@ 4,800+ solution-oriented programs from the Contributed Software Library 
@ HP-UX 10.x FastStart Toolbox CD gets you up and running on 10.x fast 
@ MPE Freeware Tape—all the latest freeware in a fraction of the time 


GAIN GREATER TECHNICAL ABILITY THROUGH: 


@ Step-by-step HP-UX and MPE Technical Journals 
@ Local User Groups and Special Interest Groups 
@ and much more! 


CUSTOMIZE YOUR OWN BENEFITS! 


Take advantage of this new more flexible, more accessible benefit 


structure today. To order the computing solutions you need or inte rex 
for more information, simply contact an Interex Membership 
Representative at 1-800-INTEREX (468-3739) or 1-408-747-0227, Shared Success for 


HP Computing 


ext. 636. Or visit our Web site at http://vww.interex.org. Pisfisstenals 


Cut Superhuman tasks down to size. 


Michel Lotito of Grenoble, France was known as Monsieur Mangetout (“ Mr. Eat- 
Everything”). Among the delectables he consumed were chandeliers, TV sets and 
an entire Cessna light aircraft. Now there’s an appetite for big challenges. Which 
also describes IBM’s DB2 for HP-UX. A great majority of the Fortune 500 already 
use DB2 to manage vast, complex databases. Today, this scalable solution is ready to 
go to work in your HP-UX environment — to help keep data safe, secure and easily 
accessible. In combination with IBM’s Net.Data for HP-UX, DB2 can also help you deploy databases in dynamic Web 
applications. These are just two powerful and proven IBM solutions now available for HP-UX. Others include MOSeries, 
ADSM, Lotus Domino, Transaction Server and more. For further information — including opportunities for resellers — 


contact your HP distributor or visit the [BM Software for HP-UX Website at www.software.ibm.com/hp 
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IBM, MQSeries, DB2, Net.Data, ADSM (ADSTAR Distributed Storage Manager), and Transaction Server are registered trademarks of International Business Machines 
Corporation. Lotus Domino is a registered trademark of Lotus Corporation. All other company and/or product names are trademarks of their respective companies. 
©1997 IBM Corp. All rights reserved. Reprinted from the Guinness Book of Records, 1997©. Permission granted by Guinness Media Inc. 


VA X/ UNI X 
FEATURES: 


* KEA! 420 for DEC’ 
VT420 emulation 


* KEA! 340 for DEC 
V1340 graphics and 
VT420 emulation 


* Supports DDE, OLE, 
HLLAPI, WinHLLAPI 
and Attachmate’s 
Enterprise Access 
Library for 
automation and 
integration 


* Fully customizable 
menus and SmartPads 


* Macro language with 
macro recorder 


+ Multiple sessions 
New in Version 5.0: 


* One CD for Windows’, 
Windows 95 and 
Windows NT” 


* Configuration wizard 
- Truelype font 
* Configurable toolbar 


* Drivers for LK450 and 
Powerstation keyboards 
in Windows 95 


Call 1-800-933-6751 


www.attachmate.com/ad/hpv.htm 
Source Code: 630.02 


Attachmate is a registered trademark and KEA! 
and Powerstation are trademarks of Attach- 
‘mate Corporation. Microsoft Windows and 
Windows NT are registered trademarks of 
Microsoft Corporation. DEC and VAX are 
registered trademarks of Digital Equipment 
Corporation. UNIX is a registered trademark 
in the United States and other countries, 
licensed exclusively through X/Open Com- 
pany, Ltd. TrueType is a trademark of Apple 
computer, Inc. All other trademarks or regis- 
tered trademarks are the property of their 
respective owners. 


eee §6| ont risk ruining your image. 
“connectivity software. _ 


Choose KEA!," the complete 
solution for integrating VAX* and 
UNIX*® host information with 
PC applications. Feature-rich and 
user- feted, KEA! lets you create transparent links 
between Microsoft” Windows® documents and 


host documents. 4 =Attachmate. 
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